Error Message

A Dtrace of AgentClientBroker will show the following:
 

(AgentClientBroker)       <6856> EV:L               {CEx2kMailboxPermissions::ReadPropertiesFromActiveDirectory:#249} Read displayName [Nicole Myers]

(AgentClientBroker)       <6856> EV:L               {CEx2kMailboxPermissions::ReadPropertiesFromActiveDirectory:#214} Copying object Sid

(AgentClientBroker)       <6856> EV:L               {CADExtras::ReadStringAttributeValue:#96} Result string: [nmyers]

(AgentClientBroker)       <6856> EV:L               {CEx2kMailboxPermissions::ReadPropertiesFromActiveDirectory:#254} Read mailNickname [nmyers]

(AgentClientBroker)       <6856> EV:H               {CEx2kMailboxPermissions::getmailboxsecuritydescriptor:#145} Failed to list mailbox permissions for [/o=Veritas/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=38661019ed2c4277962d1777d1fba4d8-Nicole Myers] whilst synchronizing due to a missing Active Directory attribute msExchMailboxSecurityDescriptor

(AgentClientBroker)       <6856> EV:H               {CEx2kMailboxPermissions::GetMailboxUserList:#584} EX2KMBXPERM::GMUL[CN=Nicole Myers,OU=EVUsers,DC=kvs,DC=local] - Error [0x80040C9B]

Enterprise Vault looks at the msExchMailboxSecurityDescriptor Active Directory attribute of the user whose SID needs to be synced with the delegate permission on the archive of the user mailbox in context.

If msExchMailboxSecurityDescriptor attribute is missing/inaccessible, then the mailbox folder permission sync for the user mailbox archive will not succeed.

Generally, mailboxes migrated to Office 365 do not have msExchMailboxSecurityDescriptor attribute. Hence Enterprise Vault permission synchronization does not synchronize the delegate folder permission for such accounts to the user mailbox archive.

Enterprise Vault by design will not be able to sync the delegate folder permission for the account having issues with missing/inaccessible msExchMailboxSecurityDescriptor or migrated to Office 365.