Good Day. Need help. We have trying test installations of Exchange Servers in our domain for several times with deleting Exchange Servers. Now we are using Exchange as a mail mailbox system. But there is one trouble. When i creating a mailbox in a list of Full Access Permission system adds many accounts such as: Domain\eExchange Servers Doamin\Exchange Trusted Subsystem NT AUTHORITY\SELF NT AUTHORITY\SYSTEM S-1-5...... 5 accounts like this... ...... subdomain.domain\user (the user account from daughter domain) Poor user saws in Outlook all users mailboxes, i don`t know how to solve this problem. Please help me...

Anything that is a number starting with S will probably be deleted accounts. Those permissions will be inherited from somewhere, so you need to look in Exchange, on the databases etc for where they are listed. The other permissions are to be expected and you shouldn't attempt to remove them. Exchange permissions are complex and the general rule is do not touch unless you understand completely the consequences. For example people will remove "Everyone" because it has "Read" permissions, thinking that is Read permissions to the mailbox - it isn't. It is Read permissions to the AD object which is required to know whether they have permissions or not. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

Those permissions will be inherited from somewhere, so you need to look in Exchange, on the databases etc for where they are listed. That is the question from where this permissions is inherited? I dont know where to look...

I have told you where to look. On the properties of each major object in the Exchange org, servers, databases etc. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

The first 4 groups/user is default for Exchange and AD. S-1-5.. is usually mean that the account been deleted and AD still have the account via the SID.

Try this command # Filter function to filter out the unwanted permissions like (S-1-1-5....) filter filt($keyword) { if ( ($_ | out-string) -like "*$keyword*" ) { $_ } } Get-mailbox -resultsize unlimited | Get-MailboxPermission | filt "S-" | Export-csv c:\Need_to_be_deleted_unwanted_permissions.csv $val = import-csv c:\Need_to_be_deleted_unwanted_permissions.csv start-transcript c:\log.txt $val | % { Remove-MailboxPermission -Identity $_.identity -User $_.user -AccessRights FullAccess -InheritanceType All -verbose -confirm:$false } stop-transcript Thanks Joseph Pradeep =========================================================== If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer".