We have a lot of users that have been delegated access to other accounts. For the most part this doesn’t cause a problem, but problems do come up on occasion. The biggest problem is when someone who had been granted delegate permissions on another account leaves. We generally remove the account, but what happens to the delegates in Outlook when you do that? Well when you look at the delegates tab you see the person’s name who left with “(Not Found)” after it.
We usually don’t know there is a problem until someone tries to schedule a meeting with someone (the person who granted the former user delegate access). The meeting request comes in and then Outlook tries to notify the delegates about the meeting. Guess what? It can locate the former user and sends an NDR message back to the appointment sender.
I’ve done some checking and found out that the AD attribute that stores the Outlook delegate information is “publicDelegates”. The problem is that when you look at the AD Attribute Editor on an account and look at that field, it will only list accounts that are still active in AD. The only way to tell if someone is listed with the (Not Found) text is to look at the delegates on the Outlook account. So you really have to know your users and get some specific information. It usually isn’t hard to track down if an appoint request goes to one person, but if it goes to multiple people it can take some time.
Another attribute that I found out about while researching this is the “publicDelegatesBL”. This entry lists the accounts that someone has been granted delegate access to. So if you want to know if someone is a delegate on any accounts you can go to AD and open the properties of the person in questions, open the Attribute Editor tab, and look at that entry.
The best way I have found to try and prevent problems is to look at the “publicDelegatesBL” attribute before we remove any accounts. I’m still look for a way to see the people listed after the account has been removed.
Source: http://hellomate.typepad.com/exchange/2004/09/listing_which_e.html
UPDATE: It appears at some point the attributes above changed to the following attributes.
publicDelegates is now MSExchDelegateListLink
publicDelegatesBL is now MSExchDelegateLinkListBL
