0 votes

Hello,

After migrating users from Exchange 2007 on-premises to Exchange Online, we experience a problem viewing/managing Full Access permissions for some of the mailboxes.

We get the error: Failed to get mailbox rights. Some or all identity references could not be translated.

Using the Exchange Online admin tools, we can see everything just fine. Using PowerShell in a remote session, we see something similar to:

PS Z:\> get-mailbox teuser |Get-MailboxPermission |ft -AutoSize -Wrap

Identity   User                                       AccessRights                                                            IsInherited Deny
--------   ----                                       ------------                                                            ----------- ----
User, Test NT AUTHORITY\SELF                          {FullAccess, SendAs, ReadPermission}                                    False       False
User, Test NAMPRD08\Administrator                     {FullAccess}                                                            True        True
User, Test NAMPRD08\Domain Admins                     {FullAccess}                                                            True        True
User, Test NAMPRD08\Enterprise Admins                 {FullAccess}                                                            True        True
User, Test NAMPRD08\Organization Management           {FullAccess}                                                            True        True
User, Test NT AUTHORITY\SYSTEM                        {FullAccess}                                                            True        False
User, Test NT AUTHORITY\NETWORK SERVICE               {ReadPermission}                                                        True        False
User, Test NAMPRD08\Administrator                     {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner} True        False
User, Test NAMPRD08\Domain Admins                     {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner} True        False
User, Test NAMPRD08\Enterprise Admins                 {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner} True        False
User, Test NAMPRD08\Organization Management           {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner} True        False
User, Test NAMPRD08\Public Folder Management          {ReadPermission}                                                        True        False
User, Test NAMPRD08\Exchange Servers                  {FullAccess, ReadPermission}                                            True        False
User, Test NAMPRD08\Exchange Trusted Subsystem        {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner} True        False
User, Test NAMPRD08\Managed Availability Servers      {ReadPermission}                                                        True        False
User, Test PRDMGT01\View-Only Organization Management {ReadPermission}                                                        True        False

These appear to be the same set of permissions found on users that we can successfully manage through Adaxes.

Any ideas?

by (710 points)

1 Answer

0 votes
by (1.8k points)
Best answer

I had the exact same problem a while back, but that was caused by a corrupt owner on a few mailboxes.
However, you can test the same solution on a mailbox and see if you have the same error. I believe our issue also occurred after a migration.

Try running the following PowerShell command towards one of the mailboxes that has the problem:

Add-MailboxPermission "Name of the mailbox" -Owner "NT AUTHORITY\SELF"

Hello,

As odsven already mentioned, the issue can be caused by corrupt owners of the failing mailboxes. Most typically, this occurs with migrated mailboxes. To check this, you can try running the following command in the Exchange Management Shell:

Get-MailboxPermission -Identity "CN=John Doe,OU=New York Office,DC=example,DC=com" -Owner:$True

where CN=John Doe,OU=New York Office,DC=example,DC=com is the Distinguished Name (DN) of a user that you are having issues with.

If you are getting the same error as with Adaxes, try running the same command but without the -Owner:$True part. If, on this run, you don't receive the error, then you are having an issue with corrupted mailbox owners. You'll need to repair the mailboxes that give such an error.
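
A read-only sweep that applies the two-step check described above to every mailbox, added here as an example and not taken from the thread or from Adaxes. The function name Test-MailboxOwnerLookup and its output property names are hypothetical, and the script assumes an Exchange Management Shell or remote Exchange session is already connected.

```powershell
# Added example: diagnostic only, it changes no permissions or owners.
# Test-MailboxOwnerLookup and its output property names are hypothetical.
function Test-MailboxOwnerLookup {
    [CmdletBinding()]
    param(
        # Mailbox identities (alias, UPN or Distinguished Name) to check
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Identity
    )
    process {
        foreach ($id in $Identity) {
            $aclOk = $false; $ownerOk = $false
            $owner = $null;  $message = $null

            # Step 1: plain permission read, i.e. the command without -Owner
            try   { $null = Get-MailboxPermission -Identity $id -ErrorAction Stop; $aclOk = $true }
            catch { $message = $_.Exception.Message }

            # Step 2: owner read, the call that fails on affected mailboxes
            try {
                # Assumption: the -Owner output exposes the owner in an Owner property
                $owner   = (Get-MailboxPermission -Identity $id -Owner -ErrorAction Stop).Owner
                $ownerOk = $true
            }
            catch { $message = $_.Exception.Message }

            [pscustomobject]@{
                Mailbox      = $id
                Owner        = $owner
                AclReadOk    = $aclOk
                OwnerReadOk  = $ownerOk
                # Pattern from the thread: owner lookup fails while the plain lookup works
                OwnerSuspect = $aclOk -and -not $ownerOk
                Error        = $message
            }
        }
    }
}

# Check every mailbox and list only those that match the corrupt-owner pattern
Get-Mailbox -ResultSize Unlimited |
    ForEach-Object { $_.DistinguishedName } |
    Test-MailboxOwnerLookup |
    Where-Object OwnerSuspect |
    Format-Table Mailbox, Error -AutoSize -Wrap
```

Mailboxes where both reads fail are not flagged as OwnerSuspect, since that points to a different problem than the owner entry.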
