cannot use Remove-ADPermission
I'm hoping it's just my syntax being wrong on this one. Can someone help me out with the proper way to delete someone from having specific permissions on the entire Database? It looks like the previous admin had full control but then he was removed from AD. So, here's what I have (please excuse the line breaks).

[PS] C:\Windows\System32>Get-ADPermission "mailbox database" | where {$_.user -like "s-*"} | fl

User                : S-1-5-21-1499267127-3068409404-2779259215-1104
Identity            : SERVER\First Storage Group\Mailbox Database
Deny                : True
AccessRights        : {ExtendedRight}
ExtendedRights      : {Send-As}
IsInherited         : True
Properties          :
ChildObjectTypes    :
InheritedObjectType :
InheritanceType     : All

User                : S-1-5-21-1499267127-3068409404-2779259215-1104
Identity            : SERVER\First Storage Group\Mailbox Database
Deny                : True
AccessRights        : {ExtendedRight}
ExtendedRights      : {Receive-As}
IsInherited         : True
Properties          :
ChildObjectTypes    :
InheritedObjectType :
InheritanceType     : All

User                : S-1-5-21-1499267127-3068409404-2779259215-1104
Identity            : SERVER\First Storage Group\Mailbox Database
Deny                : False
AccessRights        : {GenericAll}
ExtendedRights      :
IsInherited         : True
Properties          :
ChildObjectTypes    :
InheritedObjectType :
InheritanceType     : All

[PS] C:\Windows\System32>Remove-ADPermission "mailbox database" -user "S-1-5-21-1499267127-3068409404-2779259215-1104" -ExtendedRights "send as"

Confirm
Are you sure you want to perform this action?
Removing Active Directory permission "mailbox database" for user "S-1-5-21-1499267127-3068409404-2779259215-1104" with access rights "'send as'".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y
Remove-ADPermission : Cannot remove ACE on object "CN=Mailbox Database,CN=First Storage Group,CN=InformationStore,CN=SERVER,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com" for attribute "ExtendedRight (ObjectType: ab721a54-1e2f-11d0-9819-00aa0040529b)" because it is not present.
At line:1 char:20
+ Remove-ADPermission <<<< "mailbox database" -user "S-1-5-21-1499267127-3068409404-2779259215-1104" -ExtendedRights "send as"
[PS] C:\Windows\System32>
July 9th, 2008 9:01pm
Hi,
Try to check in ADSIEdit and remove from there.
Adsiedit.msc -> configuration -> services -> Microsoft Exchange -> YourOrgName -> Administrative Groups -> Exchange Administrative Group (FYD...) -> YourServerName -> SGName -> DBName -> Properties -> Security Tab & remove the deleted user if you can see here.
July 10th, 2008 4:00am
Clarify: Remove specific user's permission on the mailbox database level
Hi, snickered, Amit's way is right; you can try it. And yes, wrong syntax will cause the same symptom.
So, here's the full cmdlet to remove the permission (based on your environment):
Get-MailboxDatabase -identity "SERVERNAME\First Storage Group\Mailbox Database" | Remove-ADPermission -user "S-1-5-21-1499267127-3068409404-2779259215-1104" -ExtendedRights Send-As
July 11th, 2008 4:34am
Amit Tank wrote:
Hi,
Try to check in ADSIEdit and remove from there.
Adsiedit.msc -> configuration -> services -> Microsoft Exchange -> YourOrgName -> Administrative Groups -> Exchange Administrative Group (FYD...) -> YourServerName -> SGName -> DBName -> Properties -> Security Tab & remove the deleted user if you can see here.
Beautiful... worked like a charm! The permissions were set all the way up at the "services" --> "microsoft exchange" level. So, I guess that's why I was not able to remove the permissions at the "Mailbox Database" level.
July 11th, 2008 5:48am
Great, in get-adpermission output it was showing IsInherited: True, that means it was coming from some upper level.
July 11th, 2008 6:26am
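
The thread's conclusion (an ACE shown with IsInherited : True can only be removed on the parent where it is set explicitly) can be checked from the shell instead of ADSIEdit. The following is an added example, not part of the original thread: it walks up from the database's distinguished name until it finds the container holding an explicit ACE for the orphaned SID, then previews the removal. The identity and SID are the thread's values; the variable names and the `CN=Services` stop point are assumptions.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Identity and SID are the thread's values; the stop container is an assumption.
$dbIdentity = "SERVER\First Storage Group\Mailbox Database"
$sid        = "S-1-5-21-1499267127-3068409404-2779259215-1104"
$stopAt     = "CN=Services,*"   # assumed upper bound for the walk

# Start at the database object and climb one container per iteration.
$dn    = (Get-MailboxDatabase -Identity $dbIdentity).DistinguishedName
$found = $false

while ($dn -and -not $found -and ($dn -notlike $stopAt)) {
    # ACEs for the orphaned SID that are set directly on this object.
    $explicit = @(Get-ADPermission -Identity $dn -ErrorAction SilentlyContinue |
        Where-Object { ($_.User -like $sid) -and (-not $_.IsInherited) })

    if ($explicit.Count -gt 0) {
        $found = $true
        Write-Host "Explicit ACEs for $sid found on: $dn"
        $explicit | Format-List Identity, Deny, AccessRights, ExtendedRights

        # Preview the removal at the level where the ACE really lives.
        # Drop -WhatIf once the preview lists only the entries you expect.
        $explicit | Remove-ADPermission -WhatIf
    }
    else {
        # Nothing explicit here, so strip the leading RDN and try the parent.
        # The pattern skips commas escaped with a backslash inside an RDN.
        $parent = $dn -replace '^(?:\\.|[^,\\])+,', ''
        if ($parent -eq $dn) { break }   # no parent left
        $dn = $parent
    }
}

if (-not $found) {
    Write-Host "No explicit ACE for $sid between the database and $stopAt"
}
```

Once the explicit entries are removed at that level, re-running the original Get-ADPermission filter against the database should return nothing for the SID.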