How to determine who is an Exchange Delegate or Delegate OF a mailbox (publicdelegates or publicdelegatesBL)
In Exchange 5.5, 2000, 2003, or 2007 there are many instances where a user has defined a delegate to their mailbox. This is done for many reasons, such as Secretary or Assistant permissions for Calendaring, Inbox, Task and Journaling management. There is a whole plethora of reasons to do it. However, along with it come lots of potential issues. We'll get to those later.
From within Outlook, Select Tools –> Options –> Delegates. From this panel you can add Delegates as desired. However, the Outlook client is the only way for a non-administrator to know any Delegates are in fact assigned.
You can, however, poll Active Directory using custom scripts or ADSIedit to obtain the Delegate settings. Two attributes in AD hold this information: publicDelegates (the Delegates of this mailbox) and publicDelegatesBL (the mailboxes this user is a Delegate of).
In your custom script, be sure to handle multi-valued attributes, in case someone is a Delegate on multiple mailboxes.
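' oUser is assumed to be an already-bound AD user object (for example via GetObject with the user's LDAP path)
If IsArray(oUser.publicDelegates) Then
    ' Multi-valued: list each Delegate of this mailbox
    WScript.Echo "Delegates of this mailbox:------------- "
    For Each Value In oUser.publicDelegates
        WScript.Echo "  " & Value
    Next
Else
    WScript.Echo "Delegates of this mailbox:------------- " & oUser.publicDelegates
End If
If IsArray(oUser.publicDelegatesBL) Then
    ' Multi-valued back link: list each mailbox this user is a Delegate of
    WScript.Echo "They are a Delegate of (BL):--- "
    For Each Value In oUser.publicDelegatesBL
        WScript.Echo "  " & Value
    Next
Else
    WScript.Echo "They are a Delegate of (BL):--- " & oUser.publicDelegatesBL
End If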
Now on to potential problems. Here is a scenario: a user is a Delegate or has a Delegate assigned, and the Delegate has been set to "Receive a copy of the meeting request or message". One of the Delegates' accounts is then deleted or removed from Exchange. The Delegate is still listed on one of the mailboxes. If a message or meeting request is sent or accepted, an NDR could be generated. The error will look similar to: "Your message did not reach some or all of the intended recipients." or "You do not have permission to send to this recipient. For assistance, contact your system administrator". The reason is that when an individual is added as a Delegate, a hidden rule is assigned to the mailbox. When a Delegate's user account is deleted, the Delegate entry and its rule can be left orphaned.
There are several things to look at. One is the two attributes above: determine whether one of the entries is stale. The other option is a Microsoft-provided tool called MFCMAPI, which can be found, along with instructions, at http://support.microsoft.com/kb/924297. In my experience, the easiest tactic is to add the Delegates back and then remove them. This often toggles the attribute and removes the orphaned or problematic account.
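To check the attributes for stale entries across the whole domain rather than one user at a time, the following added example (not part of the original post) lists every mailbox with publicDelegates set and flags Delegates that look stale. It assumes "stale" means the Delegate DN no longer binds or the object has no mail attribute; that test and the names CheckDelegate, sMailbox and sDelegate are assumptions made for this sketch.

```vbscript
Option Explicit
Dim oRoot, sBase, oConn, oCmd, oRS, vDelegates, sDN

' Find the current domain's naming context
Set oRoot = GetObject("LDAP://RootDSE")
sBase = oRoot.Get("defaultNamingContext")

' ADO search through the ADSI provider, paged so large domains return fully
Set oConn = CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOObject"
oConn.Open "Active Directory Provider"
Set oCmd = CreateObject("ADODB.Command")
Set oCmd.ActiveConnection = oConn
oCmd.Properties("Page Size") = 500
oCmd.CommandText = "<LDAP://" & sBase & ">;" & _
    "(&(objectCategory=person)(objectClass=user)(publicDelegates=*));" & _
    "distinguishedName,publicDelegates;subtree"
Set oRS = oCmd.Execute

Do Until oRS.EOF
    ' ADO returns multi-valued attributes as a Variant array
    vDelegates = oRS.Fields("publicDelegates").Value
    If IsArray(vDelegates) Then
        For Each sDN In vDelegates
            CheckDelegate oRS.Fields("distinguishedName").Value, sDN
        Next
    End If
    oRS.MoveNext
Loop
oConn.Close

' Assumption: an entry is stale if its DN will not bind or it has no mail attribute
Sub CheckDelegate(sMailbox, sDelegate)
    Dim oDel, sMail
    On Error Resume Next
    ' A "/" in a DN must be escaped inside an ADsPath
    Set oDel = GetObject("LDAP://" & Replace(sDelegate, "/", "\/"))
    If Err.Number <> 0 Then
        WScript.Echo "STALE (no such object): " & sDelegate & " on " & sMailbox
        Err.Clear
        Exit Sub
    End If
    sMail = oDel.Get("mail")   ' raises an error when the attribute is not set
    If Err.Number <> 0 Or sMail = "" Then
        WScript.Echo "STALE (not mail-enabled): " & sDelegate & " on " & sMailbox
        Err.Clear
    End If
End Sub
```

Run it with cscript.exe from a domain-joined machine; it only reads from the directory and changes nothing.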