Symptoms When you try to remove a mailbox database from Exchange Server 2013 or Exchange Server 2016, you receive the following warnings.
EMS:
EAC:
Cause This attempt to remove the mailbox database fails to remove the AD User accounts of health mailboxes in the database, and this triggers the warning messages.
The AD user accounts cannot be removed in this case because the Exchange Servers security group inherits explicit “deny” permissions for deleting objects in the Monitoring Mailboxes container. Workaround To work around this issue, follow these steps to add an explicit “allow” permission to the Exchange Servers group on the Monitoring Mailboxes container. To do this, follow these steps: Open Active Directory Users and Computers. Click View, and then make sure that Advanced Features is selected. If it is not, select it. Navigate to the following container:
Right-click Monitoring Mailboxes, click Properties, and then click the Security tab. Click Advanced on the Security tab. You now see the following dialog box:
Click Add, type Exchange Servers, click Check Names, and then click OK. Select the Allow check box for the Delete subtree permission.
Permission Entry Monitoring Mailboxes Click OK in all the remaining windows. Wait for AD replication
If you have Exchange deployment in a multi-AD domain environment, follow the preceding steps on all the domains in which Exchange servers are deployed. Status Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
