"Operation is not valid due to the current state of the object" when adding additional SID to edsva-MsExch-SharedMailboxUsers

Hi, I am trying to create a workflow to grant users FullAccess to existing shared mailboxes (Exchange on-prem) by adding a SID to the attribute edsva-MsExch-SharedMailboxUsers, but it keeps returning the error "Operation is not valid due to the current state of the object" when the WF runs.

If I get it to use Set instead of Add, it works fine, but Set replaces all the existing users with the new user, which I don't want to do. I want the new user to be added alongside the existing FullAccess users.

Parents
  • $userSid = (Get-QADUser -Identity $SamAccountName).objectSid
    Set-QADUser -Identity $Mailbox -IncludedProperties "edsva-MsExch-SharedMailboxUsers" -objectAttributes @{"edsva-MsExch-SharedMailboxUsers"=@{Append=$userSid}}

    Also get the same error with Set-QADUser:

    Set-QADUser : Administrative Policy returned an error.
    
    Operation is not valid due to the current state of the object.
    
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
        + CategoryInfo          : NotSpecified: ***** [Set-QADUser], ObjectAlreadyExistsException
    
        + FullyQualifiedErrorId : ActiveRoles.ManagementShell.Powershell.Cmdlets.SetUserCmdlet

    Also tried converting SID to base64 as suggested here but still same error

Children
  • The ObjectAlreadyExistsException in the error makes me think edsva-MsExch-SharedMailboxUsers is only meant to be used when creating new shared mailboxes. Maybe it can't be used to add or remove users on existing shared mailboxes, even though the GUI has those options:

    (we are on AR version 8.1.5.3)