Shared mailbox delegates show as GUIDs.

Question

We recently migrated some accounts to a new Forest that is part of the same Tenant.

After migration of Shared mailboxes I get GUIDs for delegates.

The image shows 3 delegates. The top one showed the user account until after I hit the save button. It looks like some sort of GUID but I don't know from where.
Online I didn't find that GUID on the users account.

Newly created users do not appear to have this issue. The migrated users are working after migration as expected.

So far the GUID doesn't appear to match the migrated account.

Answer 1

Hello,

As you do not see a user with such a GUID online, most probably, the account was deleted in on-premises AD. This is a known behavior. To remedy the issue, just remove the member from the list in the mailbox settings.

Comments

The account was migrated. Yes the migrated account was removed from the source domain after migration. As mentioned I have removed users from delegation and added them back. After adding it shows the guid thing like above.

---

Hello,

Thank you for specifying. The thing is Adaxes caches some properties of mailboxes that reside in Exchange Online along with the mailbox GUIDs. As the account that is displayed as GUID was migrated from one forest to another, there are two sets of cached properties. Looks like Adaxes is trying to use the old set of cached properties to get the Active Directory account from the forest where it no longer exists. To remedy the issue, please, execute the below script in Windows PowerShell on the computer where Adaxes service is installed. The script clears cached property values for Extending objects (stored in Adaxes backend) if the corresponding account no longer exists in the domain. During the script execution, when prompted, provide credentials of the Adaxes service account (the ones specified during the installation).

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Prompt for credentials
$credential = Get-Credential

# Build search filter
$backendPortNumber = $admService.Backend.PortNumber
$searcher = $admService.OpenObject("Adaxes://localhost:$backendPortNumber/CN=Extending Objects,CN=Adaxes Configuration,CN=Adaxes", $credential.Username, $credential.GetNetworkCredential().Password, 0)
$searcher.SearchFilter = "(&(objectClass=adm-ExtendingObject)(objectClass=adm-User))"
$searcher.PageSize = 500
$searcher.SearchScope = "ADS_SCOPE_ONELEVEL"

try
{
    # Execute search
    $searchIterator = $searcher.ExecuteSearch()
    $updatetedObjectsCount = 0
    while ($True)
    {
        $searchResults = $searchIterator.GetNextPage()
        foreach ($searchResult in $searchResults)
        {
            try
            {
                $guid = [Guid]$searchResult.Properties["cn"].Value
            }
            catch
            {
                continue
            }

            try
            {
                $object = $admService.OpenObject("Adaxes://<GUID=$guid>", $credential.Username, $credential.GetNetworkCredential().Password, 0)
            }
            catch
            {
                $object = $NULL
            }

            # Clear property values
            if ($NULL -eq $object)
            {
                $extendingObject = $admService.OpenObject($searchResult.AdsPath, $credential.Username, $credential.GetNetworkCredential().Password, 0)
                $extendingObject.Put("adm-O365ExchangeObjectId", $NULL)
                $extendingObject.Put("adm-O365ExchangeRecipientType", $NULL)
                $extendingObject.Put("adm-O365ExchangeRecipientTypeDetails", $NULL)
                $extendingObject.Put("adm-O365LastKnownAssociatedTenantId", $NULL)
                $extendingObject.Put("adm-O365ObjectId", $NULL)

                try
                {
                    $extendingObject.SetInfo()
                    $updatetedObjectsCount++
                }
                catch
                {
                    $warning = "An error occurred when updateting extening object $guid`. Error: " + $_.Exception.Message
                    Write-Warning  $warning
                }
            }
        }

        if (($searchResults.Length -eq 0) -and ($searchIterator.IsSearchCompleted))
        {
            break # no more results to return
        }
    }
    Write-Host "Updated objects count" $updatetedObjectsCount
}
finally
{
    # Release resources
    if ($searchIterator) { $searchIterator.Dispose() }
}

---

Thank you

This has resolved the issue.