Problem
Manual / Automatic mailbox permission synchronization completes without synchronizing delegate mailbox folder permissions to the archive.
Error Message
A Dtrace of AgentClientBroker will show the following:
(AgentClientBroker) <6856> EV:L {CEx2kMailboxPermissions::ReadPropertiesFromActiveDirectory:#249} Read displayName [Nicole Myers]
(AgentClientBroker) <6856> EV:L {CEx2kMailboxPermissions::ReadPropertiesFromActiveDirectory:#214} Copying object Sid
(AgentClientBroker) <6856> EV:L {CADExtras::ReadStringAttributeValue:#96} Result string: [nmyers]
(AgentClientBroker) <6856> EV:L {CEx2kMailboxPermissions::ReadPropertiesFromActiveDirectory:#254} Read mailNickname [nmyers]
(AgentClientBroker) <6856> EV:H {CEx2kMailboxPermissions::getmailboxsecuritydescriptor:#145} Failed to list mailbox permissions for [/o=Veritas/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=38661019ed2c4277962d1777d1fba4d8-Nicole Myers] whilst synchronizing due to a missing Active Directory attribute msExchMailboxSecurityDescriptor
(AgentClientBroker) <6856> EV:H {CEx2kMailboxPermissions::GetMailboxUserList:#584} EX2KMBXPERM::GMUL[CN=Nicole Myers,OU=EVUsers,DC=kvs,DC=local] - Error [0x80040C9B]
Cause
Enterprise Vault looks at the msExchMailboxSecurityDescriptor Active Directory attribute of the user whose SID needs to be synced with the delegate permission on the archive of the user mailbox in context.
If msExchMailboxSecurityDescriptor attribute is missing/inaccessible, then the mailbox folder permission sync for the user mailbox archive will not succeed.
Generally, mailboxes migrated to Office 365 do not have msExchMailboxSecurityDescriptor attribute. Hence Enterprise Vault permission synchronization does not synchronize the delegate folder permission for such accounts to the user mailbox archive.
Solution
Enterprise Vault by design will not be able to sync the delegate folder permission for the account having issues with missing/inaccessible msExchMailboxSecurityDescriptor or migrated to Office 365.
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.