Posts

No Calendar delegation but still receiving invites

Ever experienced the fact that a user is still receiving calendar invites from a calendar where the user doesn’t have any permission to it anymore? At a customer I had an issue where user A was a delegate member of user B, and user A was set to receive copies of calendar related messages. That was all fine until user A didn’t want to be related anymore to the calendar of user B, at any possible way. Not hard to accomplish I was thinking. But after removing the delegated rights the frustration started.

User A was still getting copies of calendar related messages from user B. After a double check with PowerShell I noticed that user A still had view permissions on the calendar of user B. But after removing the view permission, the problem wasn’t resolved. I was thinking that Exchange was confused and if I added the delegated rights again to remove it right away, Exchange would correct it self. But no…

All the actions above I’ve executed by clicking in the GUI as well as configuring it in PowerShell. But it didn’t make a difference. I’ve also checked if user B had any inbox rules that was explaining this behavior, but sadly not.

A colleague of mine tipped me the name off an application (MFCMAPI) that can look deeper than the GUI and PowerShell for any “stranded” rule in the information store. This was a life saver because after using this, user A never received copies of calendar related messages from user B ever again. See below a step by step guide of how to use MFCMAPI:

First download MFCMAPI as it isn’t a default Windows application!


After starting MFCMAPI, navigate to “Session” and click on logon. Login with credentials of user B or administrator credentials that has full mailbox access to the mailbox of user B.


After logging in, navigate to “QuickStart” and click on “Inbox Rules”.


Search for a rule where the “PR_RULE_PROVIDER” is “Schedule + EMS Interface” and delete it.

 

After this let user B clear the delegate list and restart outlook before user B is filling the delegate list with members again. Except user A of course!
You can also login to OWA and do it by yourself with the administrator credentials with full access rights on the mailbox of user B.

I hope this is a life saver as it was for me. Cheers!

MDT: Filter task sequences on Active Directory group membership

DirectionsBy default task sequences in Microsoft Deployment Toolkit (MDT) are available for all users, there is no access control list (ACL). This means that you can’t filter certain task sequences for a group of users, while you might not want all users to execute all task sequences.

For instance I don’t want all users to run an unattended setup, I only want them to deploy a captured image (MDT can inject model specific drivers, so no harm done). However, the more advanced users Angry smile should be able to run all task sequences, including the unattended installations.

 

Windows Deployment Wizard - Task Sequence - Deploy onlyWindows Deployment Wizard - Task Sequence - All

Read more