none
[E2010] [EWSMA] [PowerShell] [Windows]: Hidden Delegate Forward Rule, "Object cannot be deleted." RRS feed

  • Question

  • Hello,

    Exchange Version: Version 14.2 (Build 247.5)

    I am using EWS Managed API 2.1 within Powershell.

    Cached Exchange mode is on by default.

    I have been attempting to delete the hidden delegate forwarding rule using EWS and been unsuccessful so far. I am using code that has at least worked for some people out there but I am unsure why it is not working for me. Every other command works for me no problem, such as getting information or adding/removing delegates (even deleting the ghost delegate information in the FreeBusy Information Message).

    I have verified that I have FullAccess to the mailbox via Get-MailboxPermission and I have also attempted to give myself Owner on the Inbox in case that permission was also needed. I have tried using impersonation and also using access without impersonation and neither work. I am able to right-click and delete this object in MFCMapi though.

    The Powershell error I get is the following:

    Exception calling "Delete" with "1" argument(s): "Object cannot be deleted."

    The EWS trace error I get is:

    <Trace Tag="EwsResponse" Tid="13" Time="2014-06-11 19:03:36Z" Version="15.00.0847.030">
      <?xml version="1.0" encoding="utf-8"?>
      <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
        <s:Header>
          <h:ServerVersionInfo MajorVersion="14" MinorVersion="2" MajorBuildNumber="318" MinorBuildNumber="4" Version="Excha
    nge2010_SP2" xmlns:h="http://schemas.microsoft.com/exchange/services/2006/types" xmlns="http://schemas.microsoft.com/exc
    hange/services/2006/types" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSc
    hema" />
        </s:Header>
        <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
          <m:DeleteItemResponse xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schem
    as.microsoft.com/exchange/services/2006/types">
            <m:ResponseMessages>
              <m:DeleteItemResponseMessage ResponseClass="Error">
                <m:MessageText>Object cannot be deleted.</m:MessageText>
                <m:ResponseCode>ErrorCannotDeleteObject</m:ResponseCode>
                <m:DescriptiveLinkKey>0</m:DescriptiveLinkKey>
              </m:DeleteItemResponseMessage>
            </m:ResponseMessages>
          </m:DeleteItemResponse>
        </s:Body>
      </s:Envelope>
    </Trace>

    The code that I am using to delete the message is the following:

    $exchangeVersion = [Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2010_SP2
    $service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService($exchangeVersion)
    $service.UseDefaultCredentials = $true 
    
    $mailbox = Get-Mailbox $mailbox
    $mailboxPrimarySMTP = $mailbox.PrimarySMTPAddress.ToString()
    
    $impersonatedUserId = New-Object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId -ArgumentList ([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress),$mailboxPrimarySMTP
    $service.ImpersonatedUserId = $impersonatedUserId
    $service.AutoDiscoverURL($mailboxPrimarySMTP)
    
    # Setup Basic EWS Properties for Message Search - Used to locate Hidden Forwarding Rule
    $searchFilterForwardRule         = New-Object Microsoft.Exchange.WebServices.Data.SearchFilter+ContainsSubstring([Microsoft.Exchange.WebServices.Data.ItemSchema]::ItemClass, "IPM.Rule", [Microsoft.Exchange.WebServices.Data.ContainmentMode]::Prefixed, [Microsoft.Exchange.WebServices.Data.ComparisonMode]::Exact)
    $itemViewForwardRule             = New-Object Microsoft.Exchange.WebServices.Data.ItemView(2, 0, [Microsoft.Exchange.Webservices.Data.OffsetBasePoint]::Beginning)
    $itemViewForwardRule.PropertySet = New-Object Microsoft.Exchange.WebServices.Data.PropertySet([Microsoft.Exchange.WebServices.Data.BasePropertySet]::IdOnly, [Microsoft.Exchange.WebServices.Data.ItemSchema]::ItemClass, [Microsoft.Exchange.WebServices.Data.ItemSchema]::Subject)
    $itemViewForwardRule.Traversal   = [Microsoft.Exchange.WebServices.Data.ItemTraversal]::Associated
    
    # Properties for Hidden Delegate Forwarding Rule
    $PID_TAG_RULE_MSG_PROVIDER    = New-Object Microsoft.Exchange.WebServices.Data.ExtendedPropertyDefinition(0x65EB,[Microsoft.Exchange.WebServices.Data.MapiPropertyType]::String)
    
    # Property Set for Delegate Forward Rule
    $propertySetForwardRule = New-Object Microsoft.Exchange.WebServices.Data.PropertySet([Microsoft.Exchange.WebServices.Data.BasePropertySet]::IdOnly, $PID_TAG_RULE_MSG_PROVIDER)
    
    $findResults = $service.FindItems([Microsoft.Exchange.Webservices.Data.WellKnownFolderName]::Inbox, $searchFilterForwardRule, $itemViewForwardRule)
    $forwardRuleExists = $false
    
    If ($findResults.TotalCount -lt 1) {
        Write-VPSALog "Failed to find forwarding rule" "Error"
    } Else {
        Foreach ($item in $findResults.Items) {
            $item.Load($propertySetForwardRule)
    
            If ($item.ExtendedProperties.Count -eq 1) {
                If ($item.ExtendedProperties[0].Value -eq "Schedule+ EMS Interface") {
                    $forwardRuleExists = $true
                    
                    If ($pscmdlet.ShouldProcess($mailbox.Name,"Clearing Delegate Forward Rule")) {
                        $result = $item.Delete([Microsoft.Exchange.WebServices.Data.DeleteMode]::HardDelete)
                    
                        $result
                    } # Terminate WhatIf
                } # Terminate If - Correct Message
            } # Terminate If - Has Extended Properties
        } # Terminate ForEach            
    } # Terminate If - Message Count

    Thank you for any and all help!

    -Adam

    Wednesday, June 11, 2014 8:30 PM

All replies

  • The problem with the method your trying is that this won't delete the entry in the Rules table eg http://blogs.technet.com/b/mahuynh/archive/2012/06/27/using-mfcmapi-to-delete-the-hidden-forward-to-delegates-rule.aspx .

    The only clean method of doing this in EWS that I know is remove and readd the delegates see http://blogs.msdn.com/b/emeamsgdev/archive/2012/08/31/powershell-remove-invalid-delegates-from-mailboxes.aspx . Otherwise a method you could use to access the Rules Table is to use MAPI and Redemption http://www.dimastr.com/redemption/home.htm

    Cheers
    Glen

    Thursday, June 12, 2014 5:17 AM
  • Glen,

    Thanks for the reply!

    I have other code above this (all wrapped in a function) that clears all the delegates entirely (since I can't remove the ghost delegates cleanly) and this was the final piece. I took this code from here:

    http://blogs.msdn.com/b/emeamsgdev/archive/2014/05/16/powershell-clean-mailbox-delegates-update.aspx

    I also decompiled the .NET code behind the Remove-MessageOps.MailboxDelegateInvalidForwardingRules.Unsupported CMDLet from here:

    http://www.messageops.com/software/office-365-tools-and-utilities/messageops-exchange-ews-module/advanced-delegate-cmdlets/

    I found that the methods being used appeared to be one and the same and in those two instances both appear to work for individuals. For some reason though my code won't work.

    I would use the MessageOps modules but no matter what I do, the CMDLet always says, Object not found in store for any Mailbox I pass it. Based on these links and the code, although listed, there does not appear to be a way to delete that message other than manually through MFCMapi or Redemption?

    Basically I have automated almost all aspects of our Exchange management but this is one of the holdouts for cleanup and not that we have tons of service mailboxes (several hundreds though), it would be nice not to have to manually clean them up.

    Thanks again for all the help!

    -Adam

    Thursday, June 12, 2014 2:40 PM
  • Have you tried deleting the rule Item using the EWSEditor http://ewseditor.codeplex.com/ There is no obvious reason that it shouldn't work (I tried an I can delete the rule object fine) "Object not found in store" point to a permissions error but it looks like your using Impersonation ? do you get a different error when you use impersonation.

    Is it just particular mailboxes this happens with ? eg if you setup a test mailbox, setup delegation can you go in and delete the rule then ?

    Cheers
    Glen

    Friday, June 13, 2014 1:47 AM
  • Glen,

    I tried using EWSEditor, and I get the same message back, that the "Object cannot be deleted". Since this isn't a normal rule (i.e. in EWSEditor it won't show up on Inbox rules, unlike in MFCMapi where it does). I have tried where I am impersonating another account (since that is about 99% of our operations) and also on my own personal mailbox and neither work. I have looked at the permissions, but I have FullAccess on the mailbox and I can't see a Deny permission anywhere. I can't find a way in EWSEditor though to actually get to that message, other than running the EWS POST with the straight XML (including below).

    Are there additional permissions that you can think of that would be necessary for this? I am going to keep browsing EWSEditor trying to find a way to get it to show so that I can try a delete through the GUI.

    In regards to the "Object not found in store" error, that one is just for those MessageOps cmdlets. Anyone in our Exchange has the same problem with them, they just never work. EWS, MFCMapi and Powershell (regular Exchange CMDLets) all work great, just not the MessageOps. Even if it's the same account or not, it just fails with that error. I worked with the creators about a year ago on it, but we could never find an answer as to why.

    -Adam

    <?xml version="1.0" encoding="utf-8"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
      xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types">
        <soap:Header>
          <t:RequestServerVersion Version="Exchange2010_SP2" />
          <t:ExchangeImpersonation>
            <t:ConnectingSID>
              <t:SmtpAddress>loc_Room@exchange.somewhere.edu</t:SmtpAddress>
            </t:ConnectingSID>
          </t:ExchangeImpersonation>
        </soap:Header>
      <soap:Body>
        <DeleteItem DeleteType="HardDelete" xmlns="http://schemas.microsoft.com/exchange/services/2006/messages">
          <ItemIds>
            <t:ItemId Id="AAMkADVhNzZlMjFhLTE2MjUtNDQzOC04MWJhLWViMTQyNTM3NWUxZABGAAAAAADBYiSr+YrkR5krCRsVZx+dBwBOyGoM3ox6T5s/FkQbiL+IAAAAtWNMAADwyzmKQiBfQaVTx77jAitdAAAAAHXYAAA=" ChangeKey="CQAAAA==" />
          </ItemIds>
        </DeleteItem>
      </soap:Body>
    </soap:Envelope>
    Friday, June 13, 2014 2:34 PM
  • >>Are there additional permissions that you can think of that would be necessary for this? I am going to keep browsing EWSEditor trying to find a way to get it to show so that I can try a delete through the GUI.

    Mailbox Owner should be enough, In the EWSeditor you should be able to get the AssoicatedItems of the Inbox and try to delete the Item from there.

    It sounds weird when you do the delete if you have SIR (single item recovery) enabled the then Item would be movied to the RecoverableItems folder. Have you tried doing different types of deletes or even a move. Have you just tired on a fresh mailbox ? Litegation hold on the Mailbox ?

    Cheers
    Glen 

    Monday, June 16, 2014 6:59 AM