Remove MailboxDatabase operation fails to clean up health mailboxes

Symptoms
When you try to remove a mailbox database from Exchange Server 2013 or Exchange Server 2016, you receive the following warnings. 

EMS:




EAC:

Cause
This attempt to remove the mailbox database fails to remove the AD User accounts of health mailboxes in the database, and this triggers the warning messages. 

The AD user accounts cannot be removed in this case because the Exchange Servers security group inherits explicit “deny” permissions for deleting objects in the Monitoring Mailboxes container.
Workaround
To work around this issue, follow these steps to add an explicit “allow” permission to the Exchange Servers group on the Monitoring Mailboxes container. To do this, follow these steps:
  1. Open Active Directory Users and Computers.
  2. Click View, and then make sure that Advanced Features is selected. If it is not, select it.
  3. Navigate to the following container:

  4. Right-click Monitoring Mailboxes, click Properties, and then click the Security tab.
  5. Click Advanced on the Security tab. You now see the following dialog box:
     
  6. Click Add, type Exchange Servers, click Check Names, and then click OK.
  7. Select the Allow check box for the Delete subtree permission.
     
    Permission Entry Monitoring Mailboxes
  8. Click OK in all the remaining windows.
  9. Wait for AD replication

If you have Exchange deployment in a multi-AD domain environment, follow the preceding steps on all the domains in which Exchange servers are deployed.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Properties

Article ID: 3046530 - Last Review: 10/01/2015 07:39:00 - Revision: 2.0

Exchange Server 2016 Enterprise Edition, Exchange Server 2016 Standard Edition, Microsoft Exchange Server 2013 Enterprise, Microsoft Exchange Server 2013 Standard

  • KB3046530
Feedback