Now it’s time to repeat the tests described in the Exchange 2010 SP1 Mailbox Access Auditing Part II (https://michaelfirsov.wordpress.com/exchange-2010-sp1-mailbox-access-auditing-part-ii-delegate-access-bug/) on the Exchange Server 2013 and see whether the delegate access bug has gone or not.
So let’s once again check how we can revoke Full Access permission from a mailbox. I will also grant Administrator user account the same Full Access mailbox permission on User2’s mailbox as I did in the Exchange 2010 SP1 Mailbox Access Auditing Part II and we’ll have two user accounts – User1 and Administrator – with FA permission on User2’s mailbox.
Double-click User2 user account (ECP-Recipients-Mailboxes) and add Administrator and User1 as accounts with Full Access on the Mailbox Delegation tab:
1) Let’s try to revoke FA permission on User2’ mailbox from User1 in EMC,
2) …start Outlook as User1 and make sure there’s no additional (User2’s) mailbox in the left pane:
Again, as we expected User1 does not have access to User2′s mailbox any more – good!
3) Now let’s revoke FA permission on User2’s mailbox from Administrator user account,
4) …start Outlook as Administrator and check whether User2’s mailbox has disappeared or not:
Look! This bug is still there!!!
5) Let’s look again at User2’s attributes in ADSI Editor:
Please don’t forget to click Filter and tick “Show only attributes that have values”.
6) As we can see msExchDelegateListLinkvalue is still there – after removing it Administrator user account should stop having access to User2’s mailbox.
7) Let’s once again start Outlook as Administrator and make sure there’s no User2’s mailbox in the left pane:
More that two years were not enough for MS to fix the bug, but enough to release a brand new version.
So…new Exchange …old bug (perhaps bugs)…
P.S. Exchange Server 2013 SP1: the bug is still there…