msExchDelegateListLink and the trouble Which it gave :)

Sorry for keeping the blog so Dull and not updating the same.

I would try to keep it as active as possible hence forth ( I know this was the same promise which I had made in my last blog too)

Well, recently I was working on a case where msExchDelegateListLink  attribute was causing some problem to the end users.

First let's see what is this attribute used for ::Well this feature is used when we do Automapping.

Have we ever thought that as soon as you give full mailbox permission for USER B on USER A's mailbox, how does the USER B sees the USERA's Mailbox in the outlook ??

Ranjit had written a good Blog about the same https://theucguy.net/auto-mapping-mailboxes-with-full-access/

Well think about this scenario now

USER A was given Full Mailbox Permission for USER A :(

Post that they were seeing User A as AlternativeMailbox while doing the TestAutoconfig. I would say expected. Now even after removing the FULL mailbox Permission for USER A we were still seeing it :: Not Expected at all

What was this Breaking ??

This was breaking their search while doing the search they were getting two results one for the Original Mailbox and the other for the AlternativeMailbox (especially for TASKS).

I actually thought it might be because of the AD replication. Looks like I was proved wrong again on this one.:(

When we were digging through this scenario I was able to find Jim Martin's Brilliant Blog which talked about autoD may fail https://blogs.technet.com/b/tips_from_the_inside/archive/2012/01/11/autodiscover-fails-for-one-or-more-users.aspx

Then we looked at the msExchDelegateListLink  and we found that the user was present. Now it was challenging for removing only the Self Account.

After digging into a lot of Scripting, we were able to find the solution and implement the same.

This was a two step procedure.

Step 1 was to find out all the users who had the msExchDelegateListLink attribute and then export the same.

    Get-ADUser -Properties msExchDelegateListBL,msExchDelegateListLink -LDAPFilter "(msExchDelegateListBL=*)" | Select @{n='Distinguishedname';e={$_.distinguishedname}},@{n= 'alternate';e={$_.msExchDelegateListLink}} | Export-csv userlist.csv –notypeinformation –noclobber

 Step 2 was to remove the self permission

import-csv "userlist.csv" | % {get-aduser -identity $_.distinguishedname | set-aduser -remove @{msExchDelegateListlink=$_.distinguishedname}}

-----

 

Written by Naveen Vasudevan