Not too long ago we upgraded our Microsoft Exchange 2010 server to Service Pack 1. A few days later I noticed a mailbox I had granted myself full access permission to automatically appeared in Outlook on all of my computers, without my doing anything. A quick search and I found
this article saying it's a new feature which is pretty awesome as far as I'm concerned. I then noticed it was impossible to remove this from Outlook. Even after removing myself from the permissions list in the Exchange Management console the mailbox continued to show up. The article shows where it adds the delegate, so I went to the record and lo and behold the link to myself is still there. I had to manually delete the delegate in ADSI Edit, close and re-open Outlook and then the mailbox disappeared. Hopefully Microsoft will fix this bug in the near future.
How to remove the link:
- Open ADSI Edit.
- Navigate to the user object under Default Naming Context.
- Open the properties of the user and scroll down to MsExchDelegateListLink.
- Remove the value for yourself. In this case I removed Andrew.
- Wait for any replication to happen in your AD infrastructure.
- Close & re open Outlook. Within a few seconds the mailbox should disappear.
Notes:
* Mailboxes you had granted yourself access too before you installed SP1 will not auto discover
* You will have to manually remove this entry for each mailbox you want to remove from Outlook. Annoying.
HI...
ReplyDeleteI don't know if you still watch out for this post. But i am having this problem but the exact opposite.
Users in my domain have been given Full Access Permissions to a certain mail box, but this mailbox doesn't appear in the users sidebar in outlook.
Is there any chance you could offer some sage wisdom for this little issue?
Sincerely
J
This feature was added in SP1 so if you don't have SP1 they won't automatically appear, and you will need to manually add the mailbox to the person's outlook. Did you check and see if the MsExchDelegateListLink value exists?
ReplyDeleteExchange 2010 SP2 here running Outlook2010. Everything is fully patched. I have no entries in my MsExchDelegateListLink and I still have 12 mailboxes I cannot get rid of in my Outlook. Any idea on what I should look at next?
ReplyDeleteRun a fiddler2 trace of the autodiscover event. It could be that Outlook is simply bypassing the autodiscover process and found the server some other way.
DeleteMegabyte, you are going to those 12 mailboxes and looking at the MsExchDelegateListLink on those objects, right?
ReplyDeleteHey Andrew, can you think of a way to mass erase someone from the MsExchDelegateListLink via powershell? When we migrated over we (5 of us) had Full Access to all mailboxes so that we could import old e-mail for the users. So I'm on about 200+ MSExchDelegateListLinks...
ReplyDeleteHi Brian,
DeleteI'm not sure there's a way to do this via powershell, you will probably need to write a VBS to modify those attributes and clear them.
In the future it may be easier if you use the method I wrote a post about a few weeks ago to grant yourself access to all mailboxes because it doesn't create the msExchDelegateListLink attributes.
http://www.andrewparisio.com/2012/01/how-to-grant-full-access-permissions-to.html
Try this to clear the msExchDelegateListLink attribute value on the user account or the mailbox
ReplyDeleteImport-Module ActiveDirectory
$User = Get-ADUser -Properties *
Get-ADObject -Identity $user.Distinguishedname | set-ADObject -Clear msExchDelegateListLink
These three lines should clear up the values set for msExchDelegateListLink if you are not getting them cleaned up automatically after removing full mailbox permissions.
Hi,
ReplyDeleteI have the same problem but with the public folders. Some users had access to the public folders because of the default rights. But I removed it and they don't have access anymore. They however still see the public folder "mailbox" in their Outlook, even without any rights on it. They can't open it or anything, but the root folder is still visible.
Is there a kind of "msExchDelegateListLink" attribute for the public folders?