If you have recently upgraded from exchange 2013 or older to 2016/2019, you might experience the following when you try to remove mailbox permissions using exchange PowerShell. It will let you remove the permissions using exchange admin centre without any error sometimes but when you go back to check the permissions, you will notice that the permissions are back. Sometimes you do get the following warning message too.
WARNING: Can’t remove the access control entry on the object… because the ACE doesn’t exist on the object.
There are two ways to fix this but with both ways you will lose all permission and will have to re-add all the permissions.
- Disable and re-enable the mailbox.
- Remove-mailboxpermission user@domain.com –ResetDefault
Before using any of the above methods, please make sure to note down the current mailbox permissions so you can grant those permissions after actioning the above.
Please note that for the mailboxes with automapping permissions, please check the AD user Attribute of the mailbox under Attribute editor tab of AD account under msExchDelegateListLink. Make a note of that and then add those permissions after actioning the above using PowerShell with automapping switch.
Salman Tariq
SalmanTechBlogs 
Leave a Reply