Home > Exchange 2003 > How to determine who is an Exchange Delegate or Delegate OF a mailbox (publicdelegates or publicdelegatesBL)

How to determine who is an Exchange Delegate or Delegate OF a mailbox (publicdelegates or publicdelegatesBL)

In Exchange 5.5, 2000, 2003, or 2007 there many instances where a user has defined a delegate to their mailbox.  This is due to many reasons, such as Secretary or Assistant permissions for Calendaring, Inbox, Task and Journaling management.  There is a whole plethora of reason to do it.  However, along with it comes lots of potential issues.  We’ll get to those later.

From within Outlook, Select Tools –> Options –> Delegates.   From this panel you can add Delegates as desired.  However, the Outlook client is the only way for a non-administrator to know any Delegates are in fact assigned.

image

You can however, poll Active Directory by using custom scripts or via ADSIedit and attain the Delegate settings.  There are two attributes in AD that hold this information.

  • publicDelegates – This attribute stores the user that was configured as a Delegate.  (Who is a Delegate of my mailbox)
  • publicDelegatesBL – This attribute stores which mailbox this user is a Delegate of. (What mailbox am I a Delegate of)

    In your custom script, be sure to adjust to multi-string values, just in case someone is a Delegate on multiple mailboxes.

    Such as:

    If IsArray(oUser.publicdelegates) Then
                    Wscript.Echo "Delegates of this mailbox:————- "
            For Each Value In oUser.publicdelegates
                wscript.echo "                           " & Value
            Next
    else
                    Wscript.Echo "Delegates of this mailbox:————- " & oUser.publicdelegates
    end if

    If IsArray(oUser.publicdelegatesBL) Then
                    Wscript.Echo ": They are a Delegates of (BL):— "
            For Each Value In oUser.publicdelegatesBL
                    Wscript.Echo "                           " & Value
            Next
    else
                    Wscript.Echo "They are a Delegates of (BL):— " & oUser.publicdelegatesBL
    end if

    ===============================================================================

    Now on to potential problems.  Here is a Scenario: If a user is a Delegate or has a Delegate assigned, and they have been set to "Receive a copy of the meeting request or message".  One of the Delegates accounts is then deleted or removed from Exchange.   The Delegate is still listed on one of the mailboxes.  If a message or meeting request is sent or accepted a NDR could be generated.  The error will look similar to: "Your message did not reach some or all of the intended recipients." or "You do not have permission to send to this recipient.  For assistance, contact your system administrator ".  The reason why is when an individual is added as a Delegate a hidden rule is assigned to the mailbox.   When a Delegated user account is deleted, they can become orphaned.

    Several things to look at are the two attributes above and determine if one of the entries is stale.  The other option is a Microsoft Provided tool called MFCMAPI which can be found here along with instructions.  http://support.microsoft.com/kb/924297.  In my experiences, the easiest tactic is to add the Delegates back and then remove them.  This often toggles the attribute and removes the orphaned or problematic account.

    Happy Hunting.

    image

  • Advertisements
    Categories: Exchange 2003
    1. No comments yet.
    1. No trackbacks yet.

    Leave a Reply

    Fill in your details below or click an icon to log in:

    WordPress.com Logo

    You are commenting using your WordPress.com account. Log Out / Change )

    Twitter picture

    You are commenting using your Twitter account. Log Out / Change )

    Facebook photo

    You are commenting using your Facebook account. Log Out / Change )

    Google+ photo

    You are commenting using your Google+ account. Log Out / Change )

    Connecting to %s

    %d bloggers like this: