Propagating Permissions for Existing Users/New Mailboxes may work in case if you propagate permission on the Database Level. You may use the command below to propagate permission on the Database container:
Add-AdPermission -Identity “CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<DomainName>,DC=<TopDomain>” -User <UserorGroupIdentity> -InheritedObjectType msExchPrivateMDB -AccessRights ExtendedRight -ExtendedRights Receive-As,Send-As -inheritanceType Descendents
If Propagating permissions on the Database won't work then You can consider using Cmdlet Extension agents in case if you want that for future mailboxes alone. And for old Mailboxes you must have to run Add-MailboxPermission with -Accessrights FullAccess
Specified for the user.
command you can use to propagate Full permissions for existing users in the database:
Get-Mailbox -Database <Database Name> | Add-MailboxPermission -User <User Who should have Full Access> -InheritanceType All -accessRights FullAccess
More info about Cmdlet Extension Agents:
Cmdlet Extension Agents
http://www.howexchangeworks.com/2011/06/automating-tasks-with-scripting-agent.html
I am also providing sample syntax of the ScriptingAgent.xml file which i have used in my Test Lab which will propagate full permissions on any new mailbox created in any database. in case if you have to customizing as per the database name then you would
need to change little bit in this syntax of the xml file
<?xml version="1.0" encoding="utf-8" ?>
<Configuration version="1.0">
<Feature Name="MailboxProvisioning" Cmdlets="new-mailbox">
<ApiCall Name="OnComplete">
if($succeeded) {
$newmailbox = $provisioningHandler.UserSpecifiedParameters["Name"];
Add-Mailboxpermission -identity $newmailbox -User UserWhoWillHaveFullPermissions -AccessRights FullACcess -InheritanceType All
}
</ApiCall>
</Feature>
</Configuration>
You have to save this file as ScriptingAgentConfig.xml and this has to be in your CmdletExtentionAgent folder.
Run the Command : Get-cmdletExtensionAgent | Fl Name,Enabled and if enabled=False, you will also have to make sure that the "Scripting Agent" is turned on. to turn it on:
Enable-CmdletExtensionAgent "Scripting Agent"
To disable you can run: Disable-CmdletExtenstionAgent , soon you do this the automatic propagatin of permissions for new-mailboxes will stop as the scriptingagentconig.xml won't be invoked by the scripring agent as it is disabled.
Hope this Works!
M.P.K ~ ( Exchange | 2003/2007/2010/E15(2013)) ~~ Please remember to click “Vote As Helpful" if it really helps and "Mark as Answer” if it answers your question, “Unmark as Answer” if a marked post does not actually answer your question. ~~ This Information
is provided is "AS IS" and confers NO Rights!!
