Remove MailboxDatabase operation fails to clean up health mailboxes

• Applies to:

  Exchange Server 2016 Enterprise Edition, Exchange Server 2016 Standard Edition, Exchange Server 2013 Enterprise, Exchange Server 2013 Standard Edition

Original KB number:   3046530

Symptoms

When you try to remove a mailbox database from Exchange Server 2016 or Exchange Server 2013, you receive these warnings:

EMS:

EAC:

Cause

This attempt to remove the mailbox database fails to remove the AD User accounts of health mailboxes in the database, and this triggers the warning messages.

The AD user accounts cannot be removed in this case because the Exchange Servers security group inherits explicit deny permissions for deleting objects in the Monitoring Mailboxes container.

Workaround

To work around this issue, follow these steps to add an explicit allow permission to the Exchange Servers group on the Monitoring Mailboxes container. To do this, follow these steps:

1. Open Active Directory Users and Computers.

2. Select View, and then make sure that Advanced Features is selected. If it is not, select it.

3. Navigate to the following container:

   

4. Right-click Monitoring Mailboxes, select Properties, and then select the Security tab.

5. Select Advanced on the Security tab. You now see this dialog box:

   

6. Select Add, type Exchange Servers, select Check Names, and then select OK.

7. Select the Allow check box for the Delete subtree permission.

   

8. Select OK in all the remaining windows.

9. Wait for AD replication.

If you have Exchange deployment in a multi-AD domain environment, follow the preceding steps on all the domains in which Exchange servers are deployed.