Exchange Server TechCenter >
Exchange Server Forums
>
Monitoring
>
Full Access Permission to a database Exchange 2007
Full Access Permission to a database Exchange 2007
- Hello,
We are running Exchange Server 2007 SP1. I would like to grant an administrative account Full Access Permission to all users on a database. This would allow the account to open any mailbox on the database through OWA. I have found several commands to do this through the Exchange Management Shell. When complete the commands I used did add the user to all accounts on the database. However, when I try to open a mailbox through OWA it gives me the message "You Do Not Have Permission to Open this Mailbox". I have waited over two hours for the replication cycle to complete. If I remove the administrator account from a mailbox and add it back individually, I can access the mailbox. Can anyone tell me how to add our administrator account to have Full Access Permission to all accounts in a database? Any help would be appreciated. Thank you.
Answers
- To open mailbox in OWA, it requires full mailbox access. You can run below cmdlet to assign Full Mailbox access on all existing mailboxes of a database...Get-Mailbox -ResultSize Unlimited -Database "DatabaseName" | Add-mailboxpermission –user "AdminUser" –AccessRights FullAccessNote: Make sure that "AdminUser" is not member of any AD admin groups like Domain, Enterprise admins because those have inherited Deny Receive-As permission and doesn't allow to login...
Amit Tank | MVP – Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com
- Marked As Answer byDaniel Cumming Thursday, October 08, 2009 2:42 PM
- Edited byAmit TankMVP, ModeratorThursday, October 08, 2009 2:45 PMcorrecting cmdlet
All Replies
- To open mailbox in OWA, it requires full mailbox access. You can run below cmdlet to assign Full Mailbox access on all existing mailboxes of a database...Get-Mailbox -ResultSize Unlimited -Database "DatabaseName" | Add-mailboxpermission –user "AdminUser" –AccessRights FullAccessNote: Make sure that "AdminUser" is not member of any AD admin groups like Domain, Enterprise admins because those have inherited Deny Receive-As permission and doesn't allow to login...
Amit Tank | MVP – Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com
- Marked As Answer byDaniel Cumming Thursday, October 08, 2009 2:42 PM
- Edited byAmit TankMVP, ModeratorThursday, October 08, 2009 2:45 PMcorrecting cmdlet
- [PS] C:\Documents and Settings\Administrator.BORDENTOWN>Get-Mailbox -ResultSize
Unlimited -Database "Mailbox Database" | Add-mailboxpermission -user "oversee" -
UserAccessRights Full Access
I have tried the above command with "Mailbox Database" being the database and "oversee" being the account. It returned the following error.
Add-MailboxPermission : A parameter cannot be found that matches parameter name
'UserAccessRights'.
At line:1 char:121
+ Get-Mailbox -ResultSize Unlimited -Database "Mailbox Database" | Add-mailboxp
ermission -user "oversee" -UserAccessRights <<<< Full Access - My bad, just use AccessRights instead of UserAccessRights and pass the value FullMailbox (without space between two words)...Add-MailboxPermission
Amit Tank | MVP – Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com
- No problem. I used the corrected command and removed the groups you suggested. It worked perfectly! Thank you very much!
