This tech article is straight forward and I have used it successfully in the past:
http://www.symantec.com/business/support/index?pag...
Our environment has changed a little bit, and I'm struggling to successfully zap permissions.
EV 904 and Exchange 2007 were originally in DomainA. EV 904 continues to be in DomainA, but all mailboxes have moved to Exchange 2010 in DomainB. (Linked mailboxes, linked back to the original AD user objects in DomainA). There is a two-way transitive trust between DomainA and DomainB.
There are a subset of mailboxes that I inherited full vault permissions to, due to "full access" assigned to the mailbox. These mailboxes now exist in DomainB, and are also disabled. I'm not having success with my EVPM syntax.
This ends successfully but does not "zap" the permissions like I need it to:
evpm.exe" -e <Exchange2007MailboxServer in DomainA> -m SA-EVault -f ZapSpecificVaultPerms.ini
This produces "Error creating privileged MAPI session"
evpm.exe" -e <Exchange2010CASArray in DomainB> -m SA-EVault -f ZapSpecificVaultPerms.ini
Same errror with this syntax:
evpm.exe" -e <Exchange2010MailboxServer in DomainB> -m SA-EVault -f ZapSpecificVaultPerms.ini
Service account SA-EVault exists in DomainA and has full mailbox permissions within DomainB.