locked
add-adpermissions RRS feed

  • Question

  • Hello,

    I'm trying to add fullaccess permissions for a service account for all Ex2010 Databases and all Ex2007 Servers. I want to do this at the 'root' level so that any new DBs & servers added in the future will already have permissions inherited to them. However when I run the below commands I recieve an error. I tried the GenericAll permission but when I look at an individual mailbox I do not see this serviceaccount with FullAccess Permissions.

    Add-ADPermission -Identity "CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=OrgName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com" -User "adminserviceaccount" -AccessRights FullAccess

     

    Add-ADPermission -Identity "CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=OrgName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com" -User "adminserviceaccount" -AccessRights FullAccess

    Thursday, May 26, 2011 2:07 PM

Answers

All replies

  • 1. Has the adminserviceaccount accessed the mailbox yet, any of them. Try and access a mailbox on that database via adminserviceaccount and see if you can then see the permission.
    Sukh
    Thursday, May 26, 2011 2:22 PM
  • No I am unable to open other mailboxes from the adminserviceaccount

    Thursday, May 26, 2011 2:31 PM
  • 1. I dont see the "FullAccess" as a valid parameter for the add-adpermission command and genericall may work

    2. Post your error

    3. Follow this and test http://exchangepedia.com/2007/06/how-to-grant-full-mailbox-access-permission.html


    Sukh
    • Marked as answer by Novak Wu Friday, June 3, 2011 1:58 AM
    Thursday, May 26, 2011 3:01 PM
  • Looks like the GenericAll option does work. Just took a little while to propagate to the mailboxes.
    Thursday, May 26, 2011 3:42 PM
  • could take up to 2 hours, if you restart your IS service then should be immediate
    Sukh
    Thursday, May 26, 2011 3:46 PM