0 votes

We recently migrated some accounts to a new Forest that is part of the same Tenant.

After migration of Shared mailboxes I get GUIDs for delegates.

image.png

The image shows 3 delegates. The top one showed the user account until after I hit the save button. It looks like some sort of GUID but I don't know from where.
Online I didn't find that GUID on the users account.

Newly created users do not appear to have this issue. The migrated users are working after migration as expected.

So far the GUID doesn't appear to match the migrated account.

by (790 points)

1 Answer

0 votes
by (270k points)

Hello,

As you do not see a user with such a GUID online, most probably, the account was deleted in on-premises AD. This is a known behavior. To remedy the issue, just remove the member from the list in the mailbox settings.

0

The account was migrated. Yes the migrated account was removed from the source domain after migration. As mentioned I have removed users from delegation and added them back. After adding it shows the guid thing like above.

0

Hello,

Thank you for specifying. The thing is Adaxes caches some properties of mailboxes that reside in Exchange Online along with the mailbox GUIDs. As the account that is displayed as GUID was migrated from one forest to another, there are two sets of cached properties. Looks like Adaxes is trying to use the old set of cached properties to get the Active Directory account from the forest where it no longer exists. To remedy the issue, please, execute the below script in Windows PowerShell on the computer where Adaxes service is installed. The script clears cached property values for Extending objects (stored in Adaxes backend) if the corresponding account no longer exists in the domain. During the script execution, when prompted, provide credentials of the Adaxes service account (the ones specified during the installation).

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Prompt for credentials
$credential = Get-Credential

# Build search filter
$backendPortNumber = $admService.Backend.PortNumber
$searcher = $admService.OpenObject("Adaxes://localhost:$backendPortNumber/CN=Extending Objects,CN=Adaxes Configuration,CN=Adaxes", $credential.Username, $credential.GetNetworkCredential().Password, 0)
$searcher.SearchFilter = "(&(objectClass=adm-ExtendingObject)(objectClass=adm-User))"
$searcher.PageSize = 500
$searcher.SearchScope = "ADS_SCOPE_ONELEVEL"

try
{
    # Execute search
    $searchIterator = $searcher.ExecuteSearch()
    $updatetedObjectsCount = 0
    while ($True)
    {
        $searchResults = $searchIterator.GetNextPage()
        foreach ($searchResult in $searchResults)
        {
            try
            {
                $guid = [Guid]$searchResult.Properties["cn"].Value
            }
            catch
            {
                continue
            }

            try
            {
                $object = $admService.OpenObject("Adaxes://<GUID=$guid>", $credential.Username, $credential.GetNetworkCredential().Password, 0)
            }
            catch
            {
                $object = $NULL
            }

            # Clear property values
            if ($NULL -eq $object)
            {
                $extendingObject = $admService.OpenObject($searchResult.AdsPath, $credential.Username, $credential.GetNetworkCredential().Password, 0)
                $extendingObject.Put("adm-O365ExchangeObjectId", $NULL)
                $extendingObject.Put("adm-O365ExchangeRecipientType", $NULL)
                $extendingObject.Put("adm-O365ExchangeRecipientTypeDetails", $NULL)
                $extendingObject.Put("adm-O365LastKnownAssociatedTenantId", $NULL)
                $extendingObject.Put("adm-O365ObjectId", $NULL)

                try
                {
                    $extendingObject.SetInfo()
                    $updatetedObjectsCount++
                }
                catch
                {
                    $warning = "An error occurred when updateting extening object $guid`. Error: " + $_.Exception.Message
                    Write-Warning  $warning
                }
            }
        }

        if (($searchResults.Length -eq 0) -and ($searchIterator.IsSearchCompleted))
        {
            break # no more results to return
        }
    }
    Write-Host "Updated objects count" $updatetedObjectsCount
}
finally
{
    # Release resources
    if ($searchIterator) { $searchIterator.Dispose() }
}
0

Thank you

This has resolved the issue.

Related questions

0 votes
1 answer

I'd like some help with a script to revoke a users rights to a shared mailbox upon being removed from a security group. I already have the reverse, a script that adds users to a shared mailbox, if they are a member of a group, now I just need the reverse.

asked Mar 20 by dominik.stawny (160 points)
0 votes
1 answer

We have a "Create Shared Mailbox" function which uses a custom command in PS. I've amended my PS script to created Shared Mailboxes to be inline with the V3 of Exchange ... issue? Here's the script And here's the error after using the the function once.

asked Jun 13, 2023 by Homelander90 (330 points)
0 votes
1 answer

Hi, i try to give the Support the permission to manage sent items of Shared mailboxes (O365): I've activated "Edit mailbox properties" in the frontend but cannot find this setting.

asked Mar 20, 2023 by boris (450 points)
0 votes
1 answer

I tried searching and looking through the script repo but I coun't find what I was looking for. Is there a script I can use with "If PowerShell scripts returns true" ... want to run a scheduled job only on mailboxes that are NOT Shared Mailboxes. Thank you,

asked Sep 26, 2022 by hgletifer (1.3k points)
0 votes
1 answer

Hi We have Exchange set up in hybrid mode and are currently using scripts to create the remote mailbox. We're looking to enable Adaxes to do this (from here) but before we do ... there's anything special we need to do in order to get this to work? Thanks Matt

asked Jun 10, 2022 by chappers77 (2.0k points)
3,326 questions
3,026 answers
7,727 comments
544,678 users