[des]

I'm trying to remove a user's mailbox that I just created. I'm logged in as Administrator on the exchange server via RDP and running the exchange management console. When I right click on Dave's mailbox, it says:

--------------------------------------------------------
Microsoft Exchange Error
--------------------------------------------------------
Action 'Remove' could not be performed on object 'Dave XXXXXX'.

Dave XXXXXXXX
Failed
Error:
Active Directory operation failed on [name of our domain server]. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031520B2, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0


The user has insufficient access rights.

So apparently it's trying to delete something over on the Domain Server in Active Directory at the same time and failing. I certainly don't want Dave's account deleted, if that's what it's trying to do. I researched this online and someone suggested that our user profiles folder might have "protect from accidental deletion" enabled but I checked and that's not there. So what is it trying to do, how can I get around it, or is there a better way to remove the mailbox?

 

[Tomshawk]

Check out this thread, mainly TWHarrinton's replies

Exchange 2010 error

Looks like an AD replication problem

 

[des]

Well that's interesting. I checked them all and there were 4 users that weren't inheriting permissions. 2 were ones there were set up with a spelling error or wrong last name and had to be altered or deleted and re-created did not have inherited permissions. The other 2 were special accounts that were set up somewhat differently. They're all altered now and Dave's was one of them so now his mailbox could be deleted (or at least marked for deletion or whatever). So they use the users' own permissions for deletions? Yeah, that makes perfect sense, lol.

Now, apparently he has like 4 mailboxes disconnected from prior attempts and there is no remove button (genius design, MS!). So I had to attach them to dummy profiles or e-mail-less profiles that I made for specific tasks, etc and then remove them to mark for deletion, which re-disconnected them pending removal and they all have the same name so I'm not sure I actually got them all. Since they thought getting rid of the purge button was also genius design, how do I force exchange to do a little cleanup and eliminate them right now?

Also, it popped up a message saying that certain changes wouldn't occur until replication happened between the servers. Associated accounts now will not open properties in AD. It just says "The Active Directory Services object could not be displayed. The active directory services object cannot be found. It may have been deleted by another user or an active directory domain controller may be temporarily unavailable" which btw better not be true! Connecting a mailbox to a generic production department login with no e-mail and then hitting remove certainly should not delete the production user account for example.

I looked up how to force that to happen one time manually and the directions led me to AD Sites and Services. Well, it turns out our exchange server isn't in our site. Also the server technicians apparently named it "default-first-site-name" lol. And 1 server is not in use for domain stuff anymore and is still listed there and another that I just removed from the list was removed from the server rack months ago for recycling. Also, under our DC then NTDS Settings, it says "There are no items to show in this view." So apparently someone messed that up. But I assume replication is happening on a schedule or certain other things wouldn't be working. So how bad is it that our exchange server isn't in our site and is there another way to manually force replication to the mail server?

 

[des]

aha, I researched it a bit and restarted the correct services to force replication. Obviously that's a stupidly-bad idea that kicked some people into work offline mode in Outlook but whatever, it worked. I also had to restart a service or two on the DC side. If anyone has a much better command on either side to do such things, let me know now I just have to somehow magically trick barracuda into doing what I want it to restore-wise. I could have sworn it had more options than this for down to the specific e-mail recovery methods.

 

[Tomshawk]

WOW, What a mess, sounds like whoever set this up was learning as they went.

There is no ad replication to a mail server if it is not in your site. That I am aware of.

Barracuda, Love it but restoring from it can be a royal pain, that's for sure.

Good luck with everything

 

[des]

Well it allegedly was a company that does like 3 server installs a month but that wasn't the impression I got. It was down to me slowly BSing my way through it with internet instructions vs them doing it for a fairly low labor fee. They won Now I think it should have been me since they obviously rushed it.

I don't suppose you have awesome, helpful instructions somewhere for adding a server to a site?

 

[Tomshawk]

Before trying to give any kind of instructions on something, I would need to know alot more about the network setup/configuration.

Any mistakes could render your exchange server useless.

You need to find a reputable consulting firm in your area to assist

 

[des]

I think I'll just make the initial company come take a look "under warranty" since they already know I'm not real happy with their work.

 

[Tomshawk]

I think I'll just make the initial company come take a look "under warranty" since they already know I'm not real happy with their work.

As long as they do it under warranty, Good idea, but keep an eye on them, while they are there.