MS Exchange Mailbox Problem...

Discussion in 'Windows Server Systems' started by o0_Enigma_0o, Oct 24, 2006.

  1. o0_Enigma_0o

    o0_Enigma_0o OSNN Junior Addict

    Messages:
    48
    Hi Guys...

    We have had a guy leave our office and I have tried to remove there account...

    I firstly disabled the account so he could not log on remotely and I could check his emails and then extract any important emails.

    When I tried to connect via my Outlook client I was told I did not have enough permissions... After checking the mailbox permissions it turns out I have full permissions on everything (I am the admin).
    Anyway... I cut my losses and decided to delete the account... I got the dialog box "delete mailbox?" it was greyed out and ticked so I clicked ok...

    The user account is now gone... but under my System Manager the mailbox is still there... but it says last logged on by S-1-5-21-3201456927-15689...
    It is also showing as 564Kb and 150 Items. Also my back up server is now throwing a major wobbly saying that the directory is invalid or corrupt..

    Is there anyway I can get the emails from this mailbox... or can I just delete this properly?

    Cheers Guys

    Kirk
     
  2. o0_Enigma_0o

    o0_Enigma_0o OSNN Junior Addict

    Messages:
    48
    Hi Guys...

    Bit of an update...

    I have created a new user called "Test" and attached the broken mailbox to it... It seems to be ok now... however...

    I have now found LOADS of strange stuff around my server...

    everything file or folder i look at under the permissions bit seems to have a strange unknown user "S-1-5-21-3201456927-15689..." Its the same number that has access to this broken mailbox...

    Is this normal??

    Or am I stupid and have we been hacked?

    Cheers
     
  3. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    what version of exchange? what version of AD? what version of Windows is this running on? Was this an upgrade/migration from a previous version of Exch? What is the SID of your backup account?

    edit:
    What is the last 3 digits of this:
    S-1-5-21-3201456927-15689...
     
    Last edited: Oct 25, 2006
  4. o0_Enigma_0o

    o0_Enigma_0o OSNN Junior Addict

    Messages:
    48
    Hi mate,
    Thanks for the reply...
    Windows Server 2003 SMS runnign Exchange version 6.5 And AD - Version 5
    as for the last numbers -> 1156

    the back up system seems to be using the administrators account...
    is it safe to post the SID here?
     
  5. Electronic Punk

    Electronic Punk Administrator Staff Member Political User Folding Team

    Messages:
    18,590
    Location:
    Copenhagen, Denmark
    The guy that left was an exchange admin / domain admin etc. ?
     
  6. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    You shouldnt need the rest of the SID.. the middle parts are all domain specific anyway.. the 1-5-21 implies a domain account, the last numbers (1156) implies it is a non-default account or group (ie: not the built-in domain admins/domain users/etc)

    Try using this utility to convert the SID to and readable format..

    By guess off the top of my head would be the backup service account is the one hitting the mailboxes. Are you doing brick level backups?

    It almost sounds like you have a bad tombstoned object.. but I don't know if that is should be happening on an SBS server.
     
  7. o0_Enigma_0o

    o0_Enigma_0o OSNN Junior Addict

    Messages:
    48
    Hi Guys,

    The guy that left was a normal user.
    I will have ago with that util and let you know what I find.

    Not sure about the Brick level backups... We have Veritas Backup Exec... if that helps :)

    Cheers
     
  8. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    Are you backing up individual mailboxes or just the information store as a whole?
     
  9. o0_Enigma_0o

    o0_Enigma_0o OSNN Junior Addict

    Messages:
    48
    Erm...
    Both... I think
    We have a Job that backs up everything on the server including the info store... then it backs up the database of mailbox's... so I think it will do the mailboxes individually