Wednesday, June 29, 2011

Finding Orphaned Delegates in Exchange 2007 using a PowerShell script

Over the years, I have worked at many companies, and one thing I have noticed is that they tend to wind up having a lot of the same issues. One in particular is the topic of today's blog.

Have you ever sent an invitation from Outlook to another mailbox, only to receive a Non-Delivery Report (NDR) from someone else's mailbox? Then, when you checked, you discovered that the other mailbox doesn't even exist in your network. It may have existed at one time, but it definitely no longer exists.

This is a common issue for many companies using Exchange 2007 simply because they do not typically do their "due diligence" when it comes to cleaning up removed users.

What happens is this: a user will often have a delegate who manages his or her calendar. Then, one day, that delegate drops off the face of the earth. They were terminated, quit, or quite possibly were abducted by aliens, and the admins who knew about it removed the delegate's account from Active Directory. What they did not do was remove the delegation rights to the boss's calendar.

This leaves something we like to call an Orphaned Delegate. Now, when an invitation is sent to that boss, or an existing meeting is responded to that includes that boss, Exchange will try to direct the message to the Orphaned Delegate, which it will fail to do, and an NDR is generated.

If it is an email with a large list of recipients, it can be difficult to figure out who has the Orphaned Delegate assigned to their calendar. That is where the following script comes in.

The script does the following:
  1. Capture any errors and silently continue, as many of the results we are looking for will actually produce an error which we need to capture.
  2. Create an output file.
  3. Specify which domain controller to work with.
  4. Get the mailboxcalendarsettings for every mailbox that has a delegate assigned to it.
  5. Try to find an existing mailbox that matches the delegate.
  6. If no match is found for that delegate, write it to the output file next to the name of the mailbox which has the orphaned delegate.

Once you have that information, you can go into that user's mailbox and remove the Orphaned Delegate to stop the issue from occurring.

The script looks as follows:

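# Lookups for missing delegates are expected to fail; continue silently and capture the errors.
$ErrorActionPreference = "SilentlyContinue"
$out = "c:\Scripts\Orphans.txt"
$inp = "Mailbox`tOrphaned Delegate"
Out-File $out -InputObject $inp
# Domain controller to work with (fill in before running).
$dc = ""
# Every mailbox that has a delegate assigned to it.
$del = Get-MailboxCalendarSettings -ResultSize Unlimited -DomainController $dc | Where {$_.ResourceDelegates -ne $null}
foreach ($usr in $del) {
    $Err = $null
    $iden = $usr.Identity
    $mbx = Get-Mailbox $iden
    $name = $mbx.DisplayName
    $delegates = @($usr.ResourceDelegates)
    foreach ($usr2 in $delegates) {
        # Get-Recipient raises an error when no existing recipient matches the delegate.
        $mbx2 = Get-Recipient $usr2 -ErrorVariable Err
        if ($Err -ne $null) {
            # Write the mailbox name next to the error for its orphaned delegate.
            $inp = "$name`t$Err"
            Out-File $out -InputObject $inp -Append
        }
    }
}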


  1. Is this strictly for 2007 or could it be used for Exchange 2003?

  2. I am fairly confident that this is 2007 specific. The attributes it searches against, I am pretty sure, do not exist in 2003. You can, however, use a query in Active Directory Users and Computers to find all users with delegates and then go through them to eliminate the broken ones. Check out the solution at the following link: