Determining Impersonation User Rights for Journaling Mailboxes

  • 7019257
  • 21-Apr-2015
  • 07-Aug-2017

Environment


Retain 3.x
Exchange Module

Situation


Retain does not seem to be deleting items from the journaling mailbox.

Resolution


As long as Data Collection/Jobs/Exchange/Journaling/"Delete archived items from journal" is checked Retain will attempt to delete the messages from a journal mailbox. As Retain archives a journaling mailbox it creates a list of items to be deleted and when it exits the mailbox send the delete command to Exchange against that list. If the job interrupted then nothing will be deleted.

It is also important to make sure that the Impersonation User has proper rights for this job. You will want to make sure that the Impersonation user has "DeleteItem" rights to the journaling mailbox. You can do that using the following command in the Exchange Management Shell:

Get-MailboxPermission "[impersonation user]"

For example:

Get-MailboxPermission "retain@retainsupport.net"

The results should look something like:

Identity             User                 AccessRights                                                IsInherited Deny
--------             ----                 ------------                                                ----------- ----
gsc.local/Journaling NT AUTHORITY\SELF    {FullAccess, ReadPermission}                                False       False
gsc.local/Journaling GCS\Administrator                               
                                True        True
gsc.local/Journaling GCS\Domain Admins                                                   
            True        True
gsc.local/Journaling GCS\Enterprise Ad...                                                
            True        True
gsc.local/Journaling GCS\Organization ...                                                
            True        True
gsc.local/Journaling NT AUTHORITY\SYSTEM                                                 
            True        False
gsc.local/Journaling NT AUTHORITY\NETW...                                            
                True        False
gsc.local/Journaling GCS\Administrator    {FullAccess, DeleteItem, ReadPermission, ChangePermissio... True        False
gsc.local/Journaling GCS\Domain Admins    {FullAccess, DeleteItem, ReadPermission, ChangePermissio... True        False
gsc.local/Journaling GCS\Enterprise Ad... {FullAccess, DeleteItem, ReadPermission, ChangePermissio... True        False
gsc.local/Journaling GCS\joe.rush         {FullAccess, DeleteItem, ReadPermission, ChangePermissio... True        False
gsc.local/Journaling GCS\Organization ... {FullAccess, DeleteItem, ReadPermission, ChangePermissio... True        False
gsc.local/Journaling GCS\Public Folder...                                            
                True        False
gsc.local/Journaling GCS\Delegated Setup                                             
                True        False
gsc.local/Journaling GCS\Exchange Servers {FullAccess, ReadPermission}                                True        False
gsc.local/Journaling GCS\Exchange Trus... {FullAccess, DeleteItem, ReadPermission, ChangePermissio... True        False
gsc.local/Journaling GCS\Managed Avail...                                            
                True        False
 

Additional Information

This article was originally published in the GWAVA knowledgebase as article ID 2526.