Cannot remove deleted accounts from Archive
Hey guys,
Forgive me if my question is a bit noobie, but here goes anyway. One of our client's users is trying to remove a deleted user account from an Archive but gets the message:
Account 'Account unknown *sid id*' cannot be removed as it has 'Automatically set' permissions associated with it.
Now, I've read a few articles/posts about how to deal with this, but there didn't seem to be anything concrete that would enable the deletion of this deleted user from the permissions tab in the Archive's properties.
I've got some screenies that I could post up, but they are not really that much more informative than what I've already typed out. There are other user accounts that do have access to the Archives; my customer just wants to tidy things up a bit.
Is anyone able to help?
Cheers
Brendan
Comments
Use EVPM to Zap the permissions on the archive
Hi Wally,
Check out the following technote:
http://support.veritas.com/docs/280196
This will allow you to remove automatically inherited permissions from archives (including deleted accounts, which display as a SID).
Best Regards,
Frank
I take it this will zap *all* inherited permissions, so if there are any that are legit I'll need to manually re-add?
Or will it update automatically with the legit accounts?
Synchronization
Hi Wally,
Yes, this will remove ALL permissions from the archive (Automatically set or manually set).
The next time the mailbox associated with the archive is synchronized by the Mailbox archiving task, the permissions on the mailbox will be re-applied to the archive.
If there are any manually set permissions on the archive, make a note of them first so that you can add them on again if necessary.
Best Regards,
Frank
In my experience with ZAP'ing, it effectively disables the mailbox from archiving. You then have to go and re-enable it manually. I've also noticed that all the retention categories, at least at the folder levels, get set back to the default.
Andy Becker | Authorized Symantec Consultant | Trace3 | Symantec Platinum Partner | www.trace3.com
Sweet, cheers for the info.
Another possibly stupid question on this (my understanding of the product is very lacklustre atm) but if a user account is deleted in Active Directory I wouldn't expect the permissions to remain here? Is there an automated way of doing this when accounts get deleted?
I can instruct people to clean up the Archive first prior to an account being deleted, but wanted to see if there was another way.
Wally,
I would expect it to stay there; this is by design, BTW.
If we have UserB, which had access to UserA's mailbox:
What happens once UserB leaves and UserA comes up for leaking information, he claims someone else had access to his archive, but he can't remember who?
I'm not saying it's necessarily like that, but personally I keep all my SIDs; I do not remove them. What's the harm?
www.quadrotech-it.com - All your EV Tools
Did not work on EV 8.0.2
I have the same issue here, but the ZAP script does not have the result I need.
All permissions remain...
Please advise how to clear this archive...