Cant delete Outlook web app policy that was accidentally created
Posted by ADynes@reddit | sysadmin | View on Reddit | 15 comments
So long story short people have been creating booking calendars left and right instead of just using the default booking with me calendar causing lots of extra unlicensed users to get created. Last Friday I deleted all those extra users and then turned off the ability to do it using:
set-OwaMailboxPolicy "Default" -BookingsMailboxCreationEnabled:$false
Unfortunately I used the exact command above instead of the correct:
set-OwaMailboxPolicy "OwaMailboxPolicy-Default" -BookingsMailboxCreationEnabled:$false
So it created a new policy called "Default" which I didn't notice for a couple hours. Once I realized it I tried deleting it and I got a error that it was in use. So to make sure it wasn't I ran:
Get-Mailbox -ResultSize unlimited | Set-CasMailbox -OwaMailboxPolicy "OwaMailboxPolicy-Default"
So every mailbox was set to the regular default. I then checked if anything still had the old one:
PS C:\Users\Me> Get-CASMailbox -ResultSize Unlimited | Where {$_.OwaMailboxPolicy -eq "Default"} | Select Name
PS C:\Users\Me>
Which returned nothing as it should. I then tried to delete it:
PS C:\Users\Me> Remove-OwaMailboxPolicy -Identity "Default"
Remove-OwaMailboxPolicy: ||Couldn't delete mailbox policy Default because it is associated with users.
Well I know that to not be true but figured with how Exchange Online works there is some syncing going on so I left it alone for 3 days and tried again this morning but got the same error.
What am I doing wrong?
FlyingStarShip@reddit
I am pretty sure your cmdlet to find which mailbox uses it is wrong, it should be -eq, probably -like or the best is to use full name.
ADynes@reddit (OP)
I'm using the full name so I do want -eq. If I manually assign a single mailbox to the "Default" owa policy it does show up using the search so that is working.
purplemonkeymad@reddit
I've seen some command be iffy with this, due to the way -eq works and that those properties might not actually be a string. Try with -like anyway or use
"Default" -eq $_.OwaMailboxPolicy, (order makes a difference.)ADynes@reddit (OP)
Tried using -Like "default*" and still no results.
purplemonkeymad@reddit
Was worth a check. You don't have any deleted users do you? Might be one of their disconnected mailboxes with it? Otherwise yea strange.
ADynes@reddit (OP)
We had a handful of mailboxes that were in soft delete. I forced them to delete permanently as most were left overs from Bookings and the single actual one I have a backup of. It didn't help although that was a good suggestion. Or maybe it will once everything syncs....I'll give it a couple days and try again.
FlyingStarShip@reddit
At this point it is ticket with MS
Fwhite77@reddit
What about doing a get-mailbox | where {$_.outlookwebpilicy -like "default"}
ADynes@reddit (OP)
Same result, empty.
Conscious-Arm-6298@reddit
Start using -whatif at the end of every command you do, it will save you such headaches
Frothyleet@reddit
I'm not sure what it would help here. He didn't realize he was referencing the wrong policy name. "-WhatIf" would say "you're going to update policy 'Default'", and OP wouldn't notice it there either.
ADynes@reddit (OP)
You're correct. I remember when we had on-prem exchange it was just called "Default" and muscle memory probably took over.
Conscious-Arm-6298@reddit
personally it adds to the mindset of double checking everything
AZSystems@reddit
Well, it's hard to say.
ADynes@reddit (OP)
Not sure what you mean. "OwaMailboxPolicy-Default" is the default policy created in Exchange Online and the one all mailboxes are using. I created the "Default" one accidentally and now cannot remove it.