question

WiktorKostrzewski-2474 avatar image
0 Votes"
WiktorKostrzewski-2474 asked KaelYao-MSFT commented

the mailbox reached the limit of maximum allowed access control entries

Hi,

I am unable to remove or add to shared mailbox permission any object

I got error :
197383-image.png
How to fix this ?
I have hybrid environment


office-exchange-hybrid-itpro
image.png (157.8 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

KaelYao-MSFT avatar image
0 Votes"
KaelYao-MSFT answered

Hi @WiktorKostrzewski-2474

Here is a link with the similar issue for your reference: Unable to add full access on shared mailbox
As it has been mentioned in the error message "Clean existing entries and rearrange them leveraging groups for assigning the same permission to multiple users.",
please first check if you can remove some of the delegates from the shared mailbox, then wait some time for the information to be updated, see if you can add permissions to new objects correctly.


If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

WiktorKostrzewski-2474 avatar image
0 Votes"
WiktorKostrzewski-2474 answered KaelYao-MSFT commented

Hi
I removed some entries but i still get the same error.
I am worried if remove all, the error will persist

· 8
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for the update.

How many delegates do you currently have on this mailbox?
If you still have a large amount, please try creating a mail-enabled security group and add some of the delegates as members.
Then assign the permission to this group and see if it can help with this issue.

0 Votes 0 ·

Hi

I used this code :


Get-MailboxPermission -Identity 'XXX@XXX.com' -ResultSize unlimited | Select-Object Identity,User,IsInherited,AccessRights

And i only see a 120 entries so i do know why its happening ..

0 Votes 0 ·
KaelYao-MSFT avatar image KaelYao-MSFT WiktorKostrzewski-2474 ·

Hi,

This code only shows the Full access permission.
How about the result of these two cmdlets (Send as and Send on behalf of):

 Get-RecipientPermission -Identity 'XXX@XXX.com' | Select Trustee, AccessRights
 Get-Mailbox -Identity  'XXX@XXX.com' | Select GrantSendOnBehalfTo
0 Votes 0 ·
Show more comments