0 votes

Hello,

we have a forest with two trees that hold one domain each. There is a default tree-root trust (transitive, two-way) between the top domains. Since both trees are in the same forest they share the same global catalog and schema.

We configured a button in Adaxes (Version 2017.2) to manage the "Send on behalf of" and "Full Access" properties of our shared mailboxes in Exchange. We used the built-in functionality from Adaxes. The shared mailboxes are all held in one OU of our forest root domain. We use an OU-filter to list all operation targets.

As long as the shared mailboxes are of the type "Regular" everything works fine. If we change the type of a shared mailbox user to "Shared" the "Full Access" property cannot be managed with Adaxes anymore. Adaxes shows the error message "Multiple objects with Sid S-1-5-10 were found".

Any help would be appreciated, thank you!

Regards HarryNew

by (270 points)

1 Answer

0 votes
by (215k points)

Hello HarryNew,

The issue occurs because the permissions granted to the Self well-known security principal are duplicated in the properties of the objects the issue persists with. As per our check this is not allowed in Exchange and we are not sure how/why it happens. We recommend you to contact Microsoft support regarding possible causes and solutions.

0

Hello,

thank you for your answer but I don't think this is correct. We are using Exchange 2016 and have had this problem ever since updating to CU14, which was a while back.

A consulting company we are partnering with was able to confirm the duplicate entry in their test environment so this is not an effect that only happens in our domain. Exchange itself does not have a problem with the duplicate SID.

In both environments the duplicate entry shows up when switching the shared mailbox to "shared" and disappears when going back to "regular".

Regards HarryNew

0

Hello HarryNew,

Sorry for the confusion, but Adaxes just passes the error that is returned from Exchange. Most probably, it happens when Adaxes attempts to add permissions for the trustee which is already added to the permissions list (e.g. Self). For troubleshooting purposes, please, do the following:

  • Check the permissions of the mailbox the issue persists with before and after conversion to shared. It can be done using the Get-MailboxPermissions cmdlet. Please, post here or send us (support[at]adaxes.com) the output of the cmdlet execution.
  • Clarify how the mailbox conversion to shared is performed.

A screenshot of the error and any additional details would be much appreciated.

Related questions

0 votes
0 answers

Hi all, We had patches installed on our Adaxes 2018.2, 2008 R2 server the other night. As part of that, Windows Management Framework ... -44db-b83c-3a0696611ddd/could-not-load-file-or-assembly-systemmanagementautomation-version3000?forum=virtualmachinemanager

asked Sep 26, 2019 by AllianceIT (130 points)
0 votes
1 answer

Hello, We have an exchange server in a separate forest. When we create the mailbox using a business rule after user creation, the mailbox creates ok. After the user ... multi-forest environment and it made no difference. Thanks for any help you can provide.

asked Nov 2, 2018 by Jasonmh (540 points)
0 votes
1 answer

Our adaxes service account is able to create the mailbox when running our create user business rule, but cannot change any settings like disable OWA. What level of security will it need?

asked Apr 6, 2021 by bstone (50 points)
0 votes
0 answers

Hi, we recently upgraded to version 2013.1. Everything was working fine. We have multiple websites and noticed, that on custom websites, newly created Active Directory filters do ... THE OU object does not exist". It is a know error? Thanks Regards, Andreas

asked May 30, 2013 by andreasaster (20 points)
0 votes
1 answer

I'm moving from 2013.1 (on Server 2008 R2) to 2014.1 (on Server 2012 R2) and am going from a single server to 2 new servers and will shut down the 2013 ... be updated properly if their target object is moved or renamed. Would another reboot fix this possibly?

asked Aug 26, 2014 by danftasc (440 points)
2,761 questions
2,495 answers
6,538 comments
1,483,172 users