Exchange 2013 / 2013SP1 Mailbox Access Auditing Part II – Delegate Access Bug

Now it’s time to repeat the tests described in the Exchange 2010 SP1 Mailbox Access Auditing Part II (https://michaelfirsov.wordpress.com/exchange-2010-sp1-mailbox-access-auditing-part-ii-delegate-access-bug/) on the Exchange Server 2013 and see whether the delegate access bug has gone or not.

So let’s once again check how we can revoke Full Access permission from a mailbox. I will also grant Administrator user account the same Full Access mailbox permission on User2’s mailbox as I did in the  Exchange 2010 SP1 Mailbox Access Auditing Part II and we’ll have two user accounts – User1 and Administrator – with FA permission on User2’s mailbox.

Double-click User2 user account (ECP-Recipients-Mailboxes) and add Administrator and User1 as accounts with Full Access on the Mailbox Delegation tab:

Pic.1
Pic1

Pic.2Pic2

Pic.3Pic3

1) Let’s try to revoke FA permission on User2’ mailbox from User1 in EMC,

Pic.4Pic4

2) …start Outlook as User1 and make sure there’s no additional (User2’s) mailbox in the left pane:

Pic.5Pic5

Again, as we expected User1 does not have access to User2′s mailbox any more – good!

 3) Now let’s revoke FA permission on User2’s mailbox from Administrator user account,

Pic.6Pic6

4) …start Outlook as Administrator and check whether User2’s mailbox has disappeared or not:

Pic.7Pic7

Look!  This bug is still there!!!

5) Let’s look again at User2’s attributes in ADSI Editor:

Pic.8Pic8

Please don’t forget to click Filter and tick “Show only attributes that have values”.

Pic.9Pic9-1

6) As we can see msExchDelegateListLinkvalue is still there – after removing it Administrator user account should stop having access to User2’s mailbox.

Pic.10Pic10

7) Let’s once again start Outlook as Administrator and make sure there’s no User2’s mailbox in the left pane:

Pic.11Pic11

Summary

More that two years were not enough for MS to fix the bug, but enough to release a brand new version.
So…new Exchange …old bug (perhaps bugs)…

No comments.

P.S. Exchange Server 2013 SP1: the bug is still there…

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: