We have a lot of old outdated SIDs with full mailbox access permissions to multiple mailboxes. Typically, these are users who had access to mailboxes other than their own but have left the company. Is there a way to remove all invalid SIDs from all our mailbox's in one fell swoop?
You would have to write a script that munged through all of the user objects cleaning the permissions up. -- Joe Richards Microsoft MVP Windows Server Directory Services Author of O'Reilly Active Directory Third Edition www.joeware.net ---O'Reilly Active Directory Third Edition now available--- http://www.joeware.net/win/ad3e.htm TONY-LCG wrote: > We have a lot of old outdated SIDs with full mailbox access permissions to > multiple mailboxes. Typically, these are users who had access to mailboxes > other than their own but have left the company. Is there a way to remove all > invalid SIDs from all our mailbox's in one fell swoop?
Thanks Joe, I found a script on the MS knowledge base for adding permissions, but I can't find one to take these permissions away. Again, If I have a user who has full mailbox rights to another mailbox, how can I build a script that will remove their rights? Thanks, Tony "Joe Richards [MVP]" wrote: > You would have to write a script that munged through all of the user objects > cleaning the permissions up. > > -- > Joe Richards Microsoft MVP Windows Server Directory Services > Author of O'Reilly Active Directory Third Edition > www.joeware.net > > > ---O'Reilly Active Directory Third Edition now available--- > > http://www.joeware.net/win/ad3e.htm > > > > TONY-LCG wrote: > > We have a lot of old outdated SIDs with full mailbox access permissions to > > multiple mailboxes. Typically, these are users who had access to mailboxes > > other than their own but have left the company. Is there a way to remove all > > invalid SIDs from all our mailbox's in one fell swoop? >
Look at http://support.microsoft.com/kb/310866/ and also look at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/iadsaccesscontrollist_removeace.asp?frame=true -- Joe Richards Microsoft MVP Windows Server Directory Services Author of O'Reilly Active Directory Third Edition www.joeware.net ---O'Reilly Active Directory Third Edition now available--- http://www.joeware.net/win/ad3e.htm TONY-LCG wrote: > Thanks Joe, > I found a script on the MS knowledge base for adding permissions, but I > can't find one to take these permissions away. Again, If I have a user who > has full mailbox rights to another mailbox, how can I build a script that > will remove their rights? > > Thanks, > Tony > > "Joe Richards [MVP]" wrote: > >> You would have to write a script that munged through all of the user objects >> cleaning the permissions up. >> >> -- >> Joe Richards Microsoft MVP Windows Server Directory Services >> Author of O'Reilly Active Directory Third Edition >> www.joeware.net >> >> >> ---O'Reilly Active Directory Third Edition now available--- >> >> http://www.joeware.net/win/ad3e.htm >> >> >> >> TONY-LCG wrote: >>> We have a lot of old outdated SIDs with full mailbox access permissions to >>> multiple mailboxes. Typically, these are users who had access to mailboxes >>> other than their own but have left the company. Is there a way to remove all >>> invalid SIDs from all our mailbox's in one fell swoop?
