Restore "Anonymous" permissions on mailbox folder in Office 365? [SOLVED]

Oct 16, 2012 at 8:37 PM

Does anyone know if it is possible to use MFCMAPI to restore the "Anonymous" and/or "Default" user permissions on say the "Inbox" for someone's account up on Office 365?

Unfortunately, the following cmdlet does not work in Office 365 since it cannot resolve "Anonymous" or "Default" to an actual user:

Add-MailboxFolderPermission -User '\Inbox' -Identity 'Anonymous' -AccessRights 'None';

We've been told that unless we have an on-premises Exchange server in a hybrid configuration, it is not possible to repair a mailbox.  Our only recourse up until now has been to back up the user's account, delete it and then restore from the back up.

Thanks for any insights!

Oct 16, 2012 at 9:21 PM

Try deleting the property PR_NT_SECURITY_DESCRIPTOR from the folder in question. This will restore the permissions to the default set.

Oct 16, 2012 at 10:17 PM

Strange, I'm accessing the mailbox using an account which should have access.  As soon as I try to delete "PR_NT_SECURITY_DESCRIPTOR", I get the following error after which MFCMAPI locks up --

Problem array:
Index: 0x00000000, ulPropTag: Tag: 0x0E270102
Property Name(s): PR_NT_SECURITY_DESCRIPTOR, PidTagSecurityDescriptor
DASL:, scode: 0x80070005 = MAPI_E_NO_ACCESS

In file MAPIFunctions.cpp
On line 956

Oct 17, 2012 at 2:59 PM

Assuming you're running in cached mode, you might try bypassing the cache. In MFCMAPI, go to Tools/Options and look for the options:
Use the MDB_ONLINE flag when calling OpenMsgStore

Use the MAPI_NO_CACHE flag when calling OpenEntry

Try checking both of these and see if you can log on to the folder and delete the property.

Oct 17, 2012 at 3:55 PM
Edited Oct 17, 2012 at 3:56 PM

Interesting, here's what I've done:

  1. Switched "my" account under the Mail control panel to non-Cached mode.
  2. Launched MFCMAPI (x86 version)
  3. Enabled both of the settings you suggested.
  4. Logged on with "my" account which also auto-maps (full access / owner) to the desired account.
  5. I see that the desired account is listed and I can open it's information store.
  6. I can then navigate to the "Inbox" folder and see the "PR_NT_SECURITY_DESCRIPTOR" property.
  7. When I attempt to delete that property, I get another "MAPI_E_NO_ACCESS" error.
  8. To try another avenue, I restarted MFCMAPI and loged on with the target account's credentials and repeated the process.  Same result.

Thanks for you assitance on this, I don't want to tie up your time if this is going to be a mess to figure out.

Oct 18, 2012 at 8:02 PM

I've also been working with Microsoft's Office 365 support and we found that there must have been something corrupted w/the MAPI provider on my own workstation.  We ran through all of the steps on a different system and everything worked perfectly.

Sorry for the trouble!