Post-migration, SID from old Exchange server shows up in Mailbox subfolders

    I've recently posted this to the Exchange newsgroup on Microsoft's news servers. I am posting the discussion here for some more ideas. (Hopefully!)

    Here's the original message:

    Hi folks,

    I have a problem I've not seen before.

    About two months ago, we manually migrated from a Windows Server 2003
    system running Exchange to a Windows SBS 2003 server on a different domain. (Yes, it was a pretty manual process, as you can imagine.) I wasn't directly involved with the migration, so I can't answer any "why" questions.

    During that migration, each Outlook user needed to switch over to a new
    profile for the new server/domain. Mail was migrated with ExMerge.

    Shortly after the migration -- and, of course, after our admin left the
    company -- I noticed that one of my users' Outlooks had an abnormally large
    list of shared folders. I queried him about it and we determined that
    all new folders created post-migration wind up shared automatically.

    The default set of users shows up as:

    Default / None
    TheUser / Owner
    NTUser (with a SID) / Owner
    Anonymous / None

    Removing the sharing permissions on each folder, up to and including ALL
    users in the shared list, makes the sharing properties go away, but
    sharing eventually returns (I am judging via the 'hand' icon in Outlook

    The user is running in cached Exchange mode, but we've determined that
    the sharing properties are automatically created at the server by:

    1. Turning off cached Exchange.
    2. Trying a different profile in Outlook (still 2007, however).
    3. Trying to work in non-cached Exchange on another system.

    I have looked at the entire store security properties and couldn't find
    that SID, which I believe is the reason why sharing shows up at all.

    Furthermore, I have used a utility called sid2user to search the system
    for that SID. It reports that it doesn't exist.

    I suspect the SID is referring to a user in the old server, which is now

    [end of original message]

    A user by the name of MilindNaphade responded and helped me to determine that:

    1. The overall permissions on the store seem right.
    2. There are no delegates on the mailboxes that are not expected.

    Finally, my curiosity got the better of me. I booted the old server and ran a sid2user search against it. Sure enough, the SID that's showing up in Sharing Properties in Outlook is the user's original SID in the old server/domain.

    And, yes, I am assuming the issue lies somewhere in Exchange.

    I don't really know how to correct this. Can anyone offer some ideas?
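
The check the post ends up doing by hand (working out whether an unresolved SID on a folder was issued by the current domain or by a different one) can be scripted from the SID alone. The following is an added example, not part of the original post; the domain SIDs, RIDs and folder name are constructed values.

```python
import struct

def sid_from_bytes(raw: bytes) -> str:
    """Decode a binary SID (as stored in security descriptors) to S-1-... form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or oversized SID")
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])      # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def domain_of(sid: str):
    """Return the issuing domain's SID for a domain account SID, else None."""
    parts = sid.upper().split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"not a SID: {sid!r}")
    # Domain accounts look like S-1-5-21-<three domain sub-authorities>-<RID>
    if parts[1:4] == ["1", "5", "21"] and len(parts) == 8:
        return "-".join(parts[:7])
    return None  # well-known SIDs such as S-1-1-0 carry no domain part

def foreign_trustees(acl, current_domain):
    """List (folder, sid, role) entries whose SID was issued by another domain."""
    return [(folder, sid, role) for folder, sid, role in acl
            if domain_of(sid) not in (None, current_domain)]

# Constructed sample data: the new domain's SID and an account SID from
# another domain in the binary form an ACL would hold.
NEW_DOMAIN = "S-1-5-21-1000000001-1000000002-1000000003"
OLD_ACCOUNT_RAW = bytes([1, 5, 0, 0, 0, 0, 0, 5]) + struct.pack(
    "<5I", 21, 2000000001, 2000000002, 2000000003, 1105)
SAMPLE_ACL = [
    ("Inbox/Projects", "S-1-1-0", "None"),                      # Everyone
    ("Inbox/Projects", NEW_DOMAIN + "-1131", "Owner"),          # current-domain user
    ("Inbox/Projects", sid_from_bytes(OLD_ACCOUNT_RAW), "Owner"),
    ("Inbox/Projects", "S-1-5-7", "None"),                      # Anonymous Logon
]

if __name__ == "__main__":
    for folder, sid, role in foreign_trustees(SAMPLE_ACL, NEW_DOMAIN):
        print(f"{folder}: {sid} ({role}) issued by {domain_of(sid)}")
```

An entry flagged this way will not resolve in the current domain unless a trust to the issuing domain exists, which matches the sid2user result described in the post.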