0 votes

We recently migrated some accounts to a new Forest that is part of the same Tenant.

After migration of Shared mailboxes I get GUIDs for delegates.

image.png

The image shows 3 delegates. The top one showed the user account until after I hit the save button. It looks like some sort of GUID but I don't know from where.
Online I didn't find that GUID on the users account.

Newly created users do not appear to have this issue. The migrated users are working after migration as expected.

So far the GUID doesn't appear to match the migrated account.

by (790 points)

1 Answer

0 votes
by (289k points)

Hello,

As you do not see a user with such a GUID online, most probably, the account was deleted in on-premises AD. This is a known behavior. To remedy the issue, just remove the member from the list in the mailbox settings.

0

The account was migrated. Yes the migrated account was removed from the source domain after migration. As mentioned I have removed users from delegation and added them back. After adding it shows the guid thing like above.

0

Hello,

Thank you for specifying. The thing is Adaxes caches some properties of mailboxes that reside in Exchange Online along with the mailbox GUIDs. As the account that is displayed as GUID was migrated from one forest to another, there are two sets of cached properties. Looks like Adaxes is trying to use the old set of cached properties to get the Active Directory account from the forest where it no longer exists. To remedy the issue, please, execute the below script in Windows PowerShell on the computer where Adaxes service is installed. The script clears cached property values for Extending objects (stored in Adaxes backend) if the corresponding account no longer exists in the domain. During the script execution, when prompted, provide credentials of the Adaxes service account (the ones specified during the installation).

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Prompt for credentials
$credential = Get-Credential

# Build search filter
$backendPortNumber = $admService.Backend.PortNumber
$searcher = $admService.OpenObject("Adaxes://localhost:$backendPortNumber/CN=Extending Objects,CN=Adaxes Configuration,CN=Adaxes", $credential.Username, $credential.GetNetworkCredential().Password, 0)
$searcher.SearchFilter = "(&(objectClass=adm-ExtendingObject)(objectClass=adm-User))"
$searcher.PageSize = 500
$searcher.SearchScope = "ADS_SCOPE_ONELEVEL"

try
{
    # Execute search
    $searchIterator = $searcher.ExecuteSearch()
    $updatetedObjectsCount = 0
    while ($True)
    {
        $searchResults = $searchIterator.GetNextPage()
        foreach ($searchResult in $searchResults)
        {
            try
            {
                $guid = [Guid]$searchResult.Properties["cn"].Value
            }
            catch
            {
                continue
            }

            try
            {
                $object = $admService.OpenObject("Adaxes://<GUID=$guid>", $credential.Username, $credential.GetNetworkCredential().Password, 0)
            }
            catch
            {
                $object = $NULL
            }

            # Clear property values
            if ($NULL -eq $object)
            {
                $extendingObject = $admService.OpenObject($searchResult.AdsPath, $credential.Username, $credential.GetNetworkCredential().Password, 0)
                $extendingObject.Put("adm-O365ExchangeObjectId", $NULL)
                $extendingObject.Put("adm-O365ExchangeRecipientType", $NULL)
                $extendingObject.Put("adm-O365ExchangeRecipientTypeDetails", $NULL)
                $extendingObject.Put("adm-O365LastKnownAssociatedTenantId", $NULL)
                $extendingObject.Put("adm-O365ObjectId", $NULL)

                try
                {
                    $extendingObject.SetInfo()
                    $updatetedObjectsCount++
                }
                catch
                {
                    $warning = "An error occurred when updateting extening object $guid`. Error: " + $_.Exception.Message
                    Write-Warning  $warning
                }
            }
        }

        if (($searchResults.Length -eq 0) -and ($searchIterator.IsSearchCompleted))
        {
            break # no more results to return
        }
    }
    Write-Host "Updated objects count" $updatetedObjectsCount
}
finally
{
    # Release resources
    if ($searchIterator) { $searchIterator.Dispose() }
}
0

Thank you

This has resolved the issue.

Related questions

0 votes
0 answers

We currently convert user mailboxes to shared mailboxes during deprovisioning process but if the user mailbox was already a shared mailbox then the script throws an error ... user mailbox. Here is the actions of the current deprovision command: Thanks!

asked Oct 1 by Carlos (40 points)
0 votes
1 answer

So if we change the flow on the exisitng deprovision script to the above, is there a way to set a retention policy tag to the converted mailbox? Our standard retention is 90 days.

asked Sep 19 by EnbyAdmin (60 points)
0 votes
1 answer

I am looking for a solution to recognize in advance when the storage space of a shared mailbox is full and then a mail is sent Unfortunately, the report under ... -Encoding UTF8 Is there possibly a solution to query this automatically via Adaxes? Thanks!

asked Sep 13 by boris (530 points)
0 votes
1 answer

Good afternoon, Is there a script for adding a user to an already existing Office 365 Shared Mailbox? I want to add this script onto the onboarding rules I have added already.

asked May 7 by ocanizales (60 points)
0 votes
1 answer

I'd like some help with a script to revoke a users rights to a shared mailbox upon being removed from a security group. I already have the reverse, a script that adds users to a shared mailbox, if they are a member of a group, now I just need the reverse.

asked Mar 20 by dominik.stawny (280 points)
3,549 questions
3,240 answers
8,232 comments
547,815 users