Getting the below error while removing a user from another user's EV account
What version of EV is this?
Is the user you're trying to remove the vault service account?
Typically automatically set permissions come from:
- The Vault Service Account via it being set as the account on the properties of the directory
- Permissions being given in Exchange/Outlook, and the policy setting selected to enable inherited permissions
It looks like the account SID can't be resolved with the user name. It could be due to a DC/GC communication issue, or the user might have been deleted in AD. Auto-set permissions cannot be removed from VAC >> Archive properties >> Permissions section. You can only modify or remove manually set permissions. You can try using EVPM here. I hope the account which you are trying to remove is not the VSA or owner user account.
This can be achieved by creating an EVPM script, specifying the particular details and running it against the affected archive(s).
a. Modify the script above to match the particular DirectoryComputerName, SiteName and ArchiveName.
b. Edit the file in Notepad and save in UNICODE format, with an .ini extension.
c. After zapping the archive, to show the change to the archive in the Vault Admin Console (VAC), you must right-click the container (i.e. Exchange Mailbox) and refresh it.
d. To bring in all Exchange inherited permissions, the mailbox must be synchronized.
Note: The [ArchivePermissions] section, introduced in Enterprise Vault 4.1, replaces the earlier [VaultPermissions] section. Existing scripts containing a [VaultPermissions] section will still work, but you are recommended to use [ArchivePermissions] in all new scripts.
Note: The "VaultName" or "ArchiveName" must be one of the following:
Run EVPM from \Program Files\Enterprise Vault as the Enterprise Vault Service Account. The syntax for EVPM follows:
EVPM [-?] [-e Exchange Server computer name ] [-m service mailbox] [-f Initialization file location and name]
- -? Prints usage to screen
- -e The Exchange Server computer name
- -f The initialization file location and name
- -m The name of the Enterprise Vault service mailbox
Note: If running EVPM without any parameters, it will prompt for each one.
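Steps a and b and the EVPM command line above, put together as an added example that is not part of the original thread or the vendor's own script. The server, site, archive and mailbox names are placeholders, and the `Zap = True` line is an assumption about the [ArchivePermissions] syntax, because the script the steps refer to is not shown on this page.

```powershell
# Placeholder values (assumptions): replace with the names from your environment.
$DirectoryComputerName = 'EVSERVER01'        # computer running the EV Directory service
$SiteName              = 'EVSite'            # Enterprise Vault site name
$ArchiveName           = 'ArchiveName'       # archive whose permissions are to be zapped
$ExchangeServer        = 'EXCH01'            # value passed to -e
$ServiceMailbox        = 'EVServiceMailbox'  # value passed to -m
# Install folder as given in the thread; adjust if EV is installed elsewhere.
$EvInstallDir          = Join-Path $env:ProgramFiles 'Enterprise Vault'
$IniPath               = Join-Path $env:TEMP 'ZapArchivePermissions.ini'

# EVPM initialization file. [Directory] identifies the EV directory and site,
# [ArchivePermissions] identifies the archive. "Zap = True" is assumed here;
# confirm it against the EVPM documentation for your EV version.
$ini = @"
[Directory]
DirectoryComputerName = $DirectoryComputerName
SiteName = $SiteName

[ArchivePermissions]
ArchiveName = $ArchiveName
Zap = True
"@

# Step b: the file must be saved in Unicode (UTF-16 LE) with an .ini extension.
Set-Content -Path $IniPath -Value $ini -Encoding Unicode

# Verify the encoding by checking for the UTF-16 LE byte order mark (FF FE).
$bom = [System.IO.File]::ReadAllBytes($IniPath)[0..1]
if ($bom[0] -ne 0xFF -or $bom[1] -ne 0xFE) {
    throw "Initialization file $IniPath is not UTF-16 LE."
}

# Run EVPM from the Enterprise Vault folder. Start this PowerShell session
# as the Enterprise Vault Service Account before running the script.
$evpm = Join-Path $EvInstallDir 'EVPM.exe'
if (-not (Test-Path $evpm)) { throw "EVPM.exe not found in $EvInstallDir" }
& $evpm -e $ExchangeServer -m $ServiceMailbox -f $IniPath
```

Steps c and d still apply afterwards: refresh the container in the VAC and synchronize the mailbox.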
Agreed with Adviser, this problem comes when EV is unable to resolve the SID from the GC. Most probably the user a/c is deleted from AD.
You cannot remove automatically assigned permissions from the VAC, and you need to zap the permissions by creating an EVPM script as directed by Adviser.
Below is one more thread which was discussed on automatically assigned permission.
Set AutoSecurityDesc = null where ArchiveName = 'ArchiveName'
You can also check whether the archive permissions that are set are automatically set or not. If they are and those are the wrong permissions, then do the following:
Check the registry HKEY_LOCAL_MACHINE\Software\wow6432node\KVS\Enterprise Vault\Agents and see if we have a registry key named 'IncludeInheritedRights' in that location.
The possible values for IncludeInheritedRights are: