Access to all mailbox for administrator in Exchange 2010
-
Saturday, March 06, 2010 11:07 AM
Hi All,
I am trying to grant Receive-As and Send-As permissions on all mailboxes to a specific security group or a service account.
I already know Exchange denies the 'Receive-As' permission at the organization level. That should not conflict with this setup because the service account is not a sysadmin account.
I know I can add full permission control individually with Add-MailboxPermission, but it does not apply to any mailbox that will be created in the future.
I also tried the suggestion from http://theessentialexchange.com/blogs/michael/archive/2009/09/29/exchange-server-2010-administrative-access-to-all-mailboxes.aspx
It uses Add-AdPermission, but at this point I am not sure what I need to put in the Identity parameter.
Add-AdPermission -Identity "CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=local" -User EXAMPLE\TEST -InheritedObjectType msExchPrivateMDB -ExtendedRights Receive-As -InheritanceType Descendents
Do you guys have any suggestions on how I should move forward?
Thanks in advance
Best Regards, Vincent L
Answers
-
Saturday, March 06, 2010 11:39 AM
It uses Add-AdPermission, but at this point I am not sure what I need to put in the Identity parameter.
Add-AdPermission -Identity "CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=local" -User EXAMPLE\TEST -InheritedObjectType msExchPrivateMDB -ExtendedRights Receive-As -InheritanceType Descendents
Do you guys have any suggestions on how I should move forward?
Thanks in advance
Best Regards, Vincent L

This identity represents the container where all mailbox databases exist in Active Directory. It is the Distinguished Name of the container "Databases", which is used in the above command. You can get this Distinguished Name in two ways:

1. Run the following command in EMS:
Get-MailboxDatabase | fl DistinguishedName
It will return the DNs of all the MBX DBs like this:
"CN=Mailbox Database,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=local"
Discard the name of the Mailbox Database (i.e. the first CN= entry) and select the container DN from this, which will be:
"CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=local"

2. You can see this using the ADSIEdit.msc tool. Open ADSIEdit and then go to Configuration -> Services -> Microsoft Exchange -> YourExchangeOrganizationName -> Administrative Groups -> Exchange Administrative Group (FYDIBOHF23SPDLT) -> Databases. You can see its DN by looking at the properties of this "Databases" container.

Hope this helps.
Regards,
Laeeq Qazi | Team Lead (Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com
- Marked As Answer by Vincent L Monday, March 08, 2010 6:11 AM
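
Added example, not part of the original thread or any poster's code: a PowerShell check for the Exchange Management Shell that derives the "Databases" container DN the way the answer describes, lists which principals hold Receive-As or Send-As directly on that container, and shows whether each database carries the grant through inheritance or as its own entry. The helper name Get-ParentDN and the variable names are made up for illustration; EXAMPLE\TEST is the thread's sample account.

```powershell
# Added example: run in the Exchange Management Shell (EMS).
# EXAMPLE\TEST is the thread's sample account; substitute the real group or service account.
$Account = 'EXAMPLE\TEST'

# Hypothetical helper (not an Exchange cmdlet): returns the parent DN of an object.
function Get-ParentDN {
    param([Parameter(Mandatory = $true)][string]$DistinguishedName)
    # Drop the first RDN. The pattern steps over commas escaped as "\," inside a name.
    $DistinguishedName -replace '^(?:[^,\\]|\\.)*,', ''
}

# Strip the database name from each DN to get the "Databases" container DN.
$containerDNs = @(Get-MailboxDatabase |
    ForEach-Object { Get-ParentDN ([string]$_.DistinguishedName) } |
    Sort-Object -Unique)

# Review: Allow entries for Receive-As / Send-As set directly on the container.
# These flow down to every mailbox database created under it, now or later.
foreach ($dn in $containerDNs) {
    Get-ADPermission -Identity $dn |
        Where-Object {
            -not $_.Deny -and -not $_.IsInherited -and
            ($_.ExtendedRights -match 'Receive-As|Send-As')
        } |
        Select-Object @{n = 'Container'; e = { $dn }}, User, ExtendedRights,
                      InheritanceType, InheritedObjectType
}

# Per database: IsInherited = True means the entry comes from the container;
# False means it was set on that one database only and new databases will not get it.
Get-MailboxDatabase | ForEach-Object {
    $db = $_
    Get-ADPermission -Identity ([string]$db.DistinguishedName) -User $Account |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -match 'Receive-As') } |
        Select-Object @{n = 'Database'; e = { $db.Name }}, User, IsInherited, ExtendedRights
}
```

An empty result from the second loop for a database means the account has no Allow entry for Receive-As there.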
All Replies
-
Sunday, March 07, 2010 12:01 AM
You can keep it simple: assuming your database name is "Mailbox Database", you can simply set this to
Get-MailboxDatabase -Identity "mailbox database" | Add-AdPermission -User EXAMPLE\TEST -InheritedObjectType msExchPrivateMDB -ExtendedRights Receive-As -InheritanceType Descendents
Cheers
-
Sunday, March 07, 2010 1:40 PM
You can keep it simple: assuming your database name is "Mailbox Database", you can simply set this to
Yes, it can be done like this, but the OP was asking to set the permission on the root container "Databases", and this command will set the permission individually on all the Mailbox Databases themselves.
Get-MailboxDatabase -Identity "mailbox database" | Add-AdPermission -User EXAMPLE\TEST -InheritedObjectType msExchPrivateMDB -ExtendedRights Receive-As -InheritanceType Descendents
Cheers
Regards,
Laeeq Qazi | Team Lead (Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com
-
Monday, March 08, 2010 6:11 AM
Thanks Guys,
I think Laeeq's solution is the best approach.
Best Regards, Vincent L