Question : Open User's Mailbox after Disabling Account in AD

We had an employee leave the company, so we disabled the account and the computer in AD. Although I have full permissions to all mailboxes, when I tried to add the employee's mailbox to Outlook, it let me. But then when I tried to expand the mailbox in Outlook it tells me "The set of folders could not be opened".

I thought this had to do with the account being disabled, so I re-enabled both accounts (the computer and the user) in AD. The same thing happens. Why can't I open this user's mailbox?

Answer : Open User's Mailbox after Disabling Account in AD

From the link I posted, read this part closely:

Note that the Full mailbox access (FMA) and the Read permissions are both set to Allow, but nothing else. These are the default settings for SELF. As you can see in the top of the dialog box, this mailbox is connected to the user Göran Husman – So SELF in this case is the user account Göran Husman. That is why SELF needs the FMA! If you remove the SELF object, the user cannot access his mailbox any longer – Fix this by adding the self object manually.

Note: Any modification of permissions may take up to two hours before it gets activated. This is because you must wait for the DSAccess cache to be refreshed, which, by default, is done every two hours!


The problem is that you have a disabled user account, which in turn tells Exchange that there is no primary owner of this mailbox.
This will end up with problems for that mailbox getting any new mail messages; they will all be returned to the sender with a non-delivery report (NDR).

This problem is similar to the example we discussed above (Adam's mailbox): When you have a disabled user account, Exchange will look at the MEMAS property to see what user SID owns this mailbox. If no user account has been granted AEA, then MEMAS will be empty. So the solution is to grant SELF the AEA permission this time!

This applies to you

When you later on want to Enable Account, you must also remember to remove the AEA permission for the SELF object; otherwise Exchange will see two owners of this mailbox: the enabled account and the one with AEA permission.

Note: You may think that the ADUC should be smart enough to grant and remove the AEA permission automatically, but it doesn’t! You must do this manually!

So what do you do if you find lots of 9548 events? One way is to manually grant AEA permissions (for disabled accounts), or remove the AEA permissions (for enabled accounts). But if they are too many, you will be happy to know that Alex Seigler, MS PSS, has written a utility that does the search and fix of those things for you. This tool is called NOMAS (No Master Account SID), and will very soon be publicly available on this URL address: ftp://ftp.microsoft.com/PSS/Tools/Exchange%20Support%20Tools/.
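The two inconsistent states described in the answer above can be found in a directory export before they cause NDRs. The sketch below is an added example, not code from the quoted article or from NOMAS. It assumes that MEMAS is stored in the AD attribute `msExchMasterAccountSid`, that a mailbox-enabled user has `msExchHomeServerName` set, and that SELF is the well-known SID `S-1-5-10`; the records are constructed sample data.

```python
# Added example: read-only audit over exported directory records (constructed data).
ACCOUNTDISABLE = 0x0002   # userAccountControl bit that marks a disabled account
SELF_SID = "S-1-5-10"     # well-known SID of the SELF principal (assumed MEMAS value)

def audit_mailbox_owner(entry):
    """Return a finding for one directory entry, or None if it is consistent."""
    if not entry.get("msExchHomeServerName"):
        return None  # not mailbox-enabled, nothing to check
    # Exports often carry userAccountControl as a string, so normalise it.
    disabled = bool(int(entry.get("userAccountControl", 0)) & ACCOUNTDISABLE)
    memas = (entry.get("msExchMasterAccountSid") or "").strip().upper()
    if disabled and not memas:
        return "disabled-no-master-sid"   # mailbox has no owner: grant SELF the AEA
    if not disabled and memas == SELF_SID:
        return "enabled-with-self-aea"    # two owners: remove the AEA from SELF
    return None

def audit(entries):
    """Map sAMAccountName -> finding for every inconsistent entry."""
    findings = {}
    for entry in entries:
        finding = audit_mailbox_owner(entry)
        if finding:
            findings[entry["sAMAccountName"]] = finding
    return findings

# Constructed sample records; names, servers and SIDs are hypothetical.
SAMPLE = [
    {"sAMAccountName": "leaver1", "userAccountControl": "514",
     "msExchHomeServerName": "EXCH01"},
    {"sAMAccountName": "leaver2", "userAccountControl": "66050",
     "msExchHomeServerName": "EXCH01", "msExchMasterAccountSid": "S-1-5-10"},
    {"sAMAccountName": "rehire", "userAccountControl": 512,
     "msExchHomeServerName": "EXCH01", "msExchMasterAccountSid": "s-1-5-10"},
    {"sAMAccountName": "active", "userAccountControl": 512,
     "msExchHomeServerName": "EXCH01"},
    {"sAMAccountName": "nomailbox", "userAccountControl": 514},
    {"sAMAccountName": "linked", "userAccountControl": 514,
     "msExchHomeServerName": "EXCH01",
     "msExchMasterAccountSid": "S-1-5-21-1111111111-2222222222-3333333333-1105"},
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE).items():
        print(f"{name}: {finding}")
```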