Grant FULL Access Permission on All mailboxes in a particular database in Exchange 2010 including future accounts

  • Question

  • Hi All,

    Could anyone please help me to grant Full Access permission on all mailboxes in a particular database on Exchange 2010, including future accounts, through an Exchange shell script?




    Monday, October 29, 2012 6:33 AM


All replies

  • Hi,

    If you configure the permissions on the database it should do as you want:



    Monday, October 29, 2012 8:54 AM
  • Here is a step by step process we use for our DigiScope customers to grant those rights http://www.lucid8.com/download/documentation/DSWebHelp/SETUP/Granting_Access_to_Exchange_2010_Production_Databases_Mailboxes.htm

    Troy Werelius
    Search, Recover, & Extract Mailboxes, Folders, & Email Items from Offline EDB's and Live Exchange Servers or Import/Migrate direct from Offline EDB to Any Production Exchange Server, even cross version i.e. 2003 --> 2007 --> 2010 with Lucid8's DigiScope

    Monday, October 29, 2012 6:36 PM
  • Propagating permissions for existing users/new mailboxes may work if you propagate the permission at the database level. You may use the command below to propagate the permission on the Databases container:

    Add-AdPermission -Identity "CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<DomainName>,DC=<TopDomain>" -User <UserorGroupIdentity> -InheritedObjectType msExchPrivateMDB -AccessRights ExtendedRight -ExtendedRights Receive-As,Send-As -InheritanceType Descendents

    If propagating permissions on the database doesn't work, then you can consider using cmdlet extension agents if you want that for future mailboxes alone. For old mailboxes you have to run Add-MailboxPermission with -AccessRights FullAccess specified for the user.

    Command you can use to propagate full permissions for existing users in the database:

    Get-Mailbox -Database <Database Name> | Add-MailboxPermission -User <User Who should have Full Access> -InheritanceType All -AccessRights FullAccess

    More info about Cmdlet Extension Agents:

    Cmdlet Extension Agents


    I am also providing sample syntax of the ScriptingAgent.xml file which I have used in my test lab, which will propagate full permissions on any new mailbox created in any database. If you have to customize it per database name, then you would need to change this XML file's syntax a little bit.

    <?xml version="1.0" encoding="utf-8" ?>
    <Configuration version="1.0">
      <Feature Name="MailboxProvisioning" Cmdlets="new-mailbox">
        <ApiCall Name="OnComplete">
          # Runs after New-Mailbox finishes; grant the permission only if creation succeeded
          if ($succeeded) {
            $newmailbox = $provisioningHandler.UserSpecifiedParameters["Name"]
            Add-MailboxPermission -Identity $newmailbox -User UserWhoWillHaveFullPermissions -AccessRights FullAccess -InheritanceType All
          }
        </ApiCall>
      </Feature>
    </Configuration>

    You have to save this file as ScriptingAgentConfig.xml and this has to be in your CmdletExtensionAgents folder.

    Run the command: Get-CmdletExtensionAgent | fl Name,Enabled and if Enabled=False, you will also have to make sure that the "Scripting Agent" is turned on. To turn it on:

    Enable-CmdletExtensionAgent "Scripting Agent"

    To disable it you can run: Disable-CmdletExtensionAgent. As soon as you do this, the automatic propagation of permissions for new mailboxes will stop, as ScriptingAgentConfig.xml won't be invoked by the scripting agent once it is disabled.

    Hope this works!

    M.P.K ~ ( Exchange | 2003/2007/2010/E15(2013)) ~~ Please remember to click "Vote As Helpful" if it really helps and "Mark as Answer" if it answers your question, "Unmark as Answer" if a marked post does not actually answer your question. ~~ This information is provided "AS IS" and confers NO rights!!

    • Proposed as answer by PK M Monday, October 29, 2012 8:16 PM
    • Edited by PK M Monday, October 29, 2012 9:00 PM
    Monday, October 29, 2012 8:15 PM
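
A way to verify the grants made by the commands in the reply above, as an added example that is not part of the thread: it summarizes which accounts hold FullAccess on how many mailboxes and lists accounts missing from an approved list first. The function names, `DB01` and the `CONTOSO\...` accounts are hypothetical, and the sample entries are constructed so the script runs outside Exchange.

```powershell
# Added example, not from the thread. Runs offline on constructed entries;
# 'DB01' and the CONTOSO\* accounts are placeholders.
function Get-FullAccessSummary {
    param(
        [Parameter(ValueFromPipeline = $true)] $Entry,  # Get-MailboxPermission output
        [string[]] $Expected = @()                      # accounts approved to hold the grant
    )
    begin { $rows = @() }
    process {
        # Keep allow entries that include FullAccess; skip the owner's own SELF entry.
        $rights = @($Entry.AccessRights | ForEach-Object { $_.ToString() })
        $user   = $Entry.User.ToString()
        if (($rights -contains 'FullAccess') -and (-not $Entry.Deny) -and
            ($user -ne 'NT AUTHORITY\SELF')) { $rows += $Entry }
    }
    end {
        # One row per trustee: mailbox count, explicit (non-inherited) count, approval.
        $rows | Group-Object { $_.User.ToString() } | ForEach-Object {
            New-Object PSObject -Property @{
                User      = $_.Name
                Mailboxes = $_.Count
                Explicit  = @($_.Group | Where-Object { -not $_.IsInherited }).Count
                Approved  = ($Expected -contains $_.Name)
            }
        } | Sort-Object Approved, User   # unapproved trustees sort first
    }
}

# Constructed sample shaped like Get-MailboxPermission output.
function New-SampleEntry($Mailbox, $User, $Rights, $Inherited = $false) {
    New-Object PSObject -Property @{
        Identity = $Mailbox; User = $User; AccessRights = @($Rights)
        IsInherited = $Inherited; Deny = $false
    }
}
$sample = @(
    (New-SampleEntry 'alice' 'NT AUTHORITY\SELF'   'FullAccess'),
    (New-SampleEntry 'alice' 'CONTOSO\svc-archive' 'FullAccess'),
    (New-SampleEntry 'alice' 'CONTOSO\jdoe'        'FullAccess'),
    (New-SampleEntry 'bob'   'CONTOSO\svc-archive' 'FullAccess'),
    (New-SampleEntry 'carol' 'CONTOSO\svc-archive' 'FullAccess' $true),
    (New-SampleEntry 'carol' 'CONTOSO\helpdesk'    'ReadPermission')
)
$sample | Get-FullAccessSummary -Expected 'CONTOSO\svc-archive' |
    Format-Table User, Mailboxes, Explicit, Approved -AutoSize

# Live use from the Exchange Management Shell:
#   Get-Mailbox -Database 'DB01' -ResultSize Unlimited | Get-MailboxPermission |
#       Get-FullAccessSummary -Expected 'CONTOSO\svc-archive'
#   Get-ADPermission -Identity (Get-MailboxDatabase 'DB01').DistinguishedName |
#       Where-Object { $_.ExtendedRights -like 'Receive-As' }
```

Running the summary on a schedule and comparing it with the approved list shows when a Scripting Agent rule or a database-level grant has given an account wider mailbox access than intended.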