How to assign fullaccess permission on a mailbox

  • Question

  • Hello

    I have a security group called "Help desk". I need to assign full access to the group on all mailboxes on a database so that they can open the mailboxes using OWA.

    I used this command which works.
    Get-Mailbox -ResultSize Unlimited -Database "DatabaseName" | Add-MailboxPermission -User "Help desk" -AccessRights FullAccess
    However, I need them to have access to any newly created mailbox on that database and not only the ones that were present at the time of issuing the command. How can we set this once for all for that group? We don't want to run this for any new mailboxes.
    We still have Exchange 2007 SP2.
    Thanks
    Thursday, May 26, 2011 5:45 PM

All replies

  • You have to run this for new mailboxes. You can assign the permissions when you create the mailbox.

    New-Mailbox <parameters> | Add-MailboxPermission -User "Help desk" -AccessRights FullAccess

    Thursday, May 26, 2011 5:54 PM
  • But we don't want to run anything for new mailboxes. We want this to be inherited to any new mailbox created on that database.
    Thursday, May 26, 2011 5:58 PM
  • http://technet.microsoft.com/en-us/library/aa996343.aspx

    See the section "Use the Shell to grant Receive As permission for a mailbox database"

    Thursday, May 26, 2011 6:01 PM
  • Do we need a combination of fullaccess and receive-as or just receive-as? All we need for these users is to be able to open the mailbox using OWA.
    Thursday, May 26, 2011 6:06 PM
  • Receive As is the minimum required to open a mailbox; however, OWA requires explicit full mailbox access to open:

    http://technet.microsoft.com/en-us/library/aa998830(EXCHG.80).aspx

    Thursday, May 26, 2011 6:20 PM
  • That won't work for OWA and hence my question.
    Thursday, May 26, 2011 6:22 PM
  • That won't work for OWA and hence my question.


    Yep, caught that OWA requirement at the last minute. Your only other option is to create a scheduled task that grants full access or assign when you create the mailbox.

    Thursday, May 26, 2011 6:25 PM
  • No problem. As I thought, the only way is to grant full access for the entire DB and then somehow query the newly created MBX and do it again. I just need to confirm that's pretty much it and there is no way around.
    Thursday, May 26, 2011 6:31 PM
  • Well, there kinda is. You can access web parts: http://technet.microsoft.com/en-us/library/bb232199(EXCHG.80).aspx

    But you would still need permissions to specific folders and not at the store level.

    Thursday, May 26, 2011 6:38 PM
  • It's mainly for our help desk to check mobile devices status so we don't really care about folder permissions.
    Thursday, May 26, 2011 6:42 PM
  • Hi,

    Run this cmdlet to grant FullAccess permission at the database level (all mailboxes, including newly created ones):

    Add-ADPermission -Identity "Mailbox Database" -User "User-Account" -ExtendedRights Receive-As


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, May 30, 2011 2:29 AM
  • Jason,

    This is what I am getting with your command:

    You do not have permission to open this mailbox. For access or for more information, contact technical support for your organization.

    Tuesday, May 31, 2011 3:34 PM
  • Hi,

    The user account type should be User instead of Security group.

    Wednesday, June 1, 2011 2:52 AM
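
The scheduled-task approach suggested in the thread, sketched as an added example (not code from any poster or from Microsoft): it grants explicit FullAccess only to mailboxes on the database that do not already have it, and logs every grant so the help desk's access can be audited. The parameter names, the `-ReportOnly` switch and the log path are assumptions; the account running the task needs rights to change mailbox permissions.

```powershell
# Added example: idempotent FullAccess grant for use in a scheduled task.
# Parameter names, -ReportOnly and the log path are hypothetical; adjust them.
param(
    [string]$Database = "DatabaseName",
    [string]$Trustee  = "Help desk",
    [string]$LogPath  = "C:\Logs\HelpDesk-FullAccess.csv",
    [switch]$ReportOnly   # list what would be granted without changing anything
)

# A scheduled task starts plain powershell.exe, so load the Exchange 2007 snap-in.
$snapin = "Microsoft.Exchange.Management.PowerShell.Admin"
if (-not (Get-PSSnapin $snapin -ErrorAction SilentlyContinue)) {
    Add-PSSnapin $snapin
}

foreach ($mbx in (Get-Mailbox -ResultSize Unlimited -Database $Database)) {
    # Look for an explicit (not inherited), non-deny FullAccess entry for the trustee.
    $existing = Get-MailboxPermission -Identity $mbx.Identity -User $Trustee |
        Where-Object {
            ($_.AccessRights -like "*FullAccess*") -and
            (-not $_.IsInherited) -and
            (-not $_.Deny)
        }
    if ($existing) { continue }   # already granted on an earlier run

    if ($ReportOnly) {
        $action = "WouldGrant"
    } else {
        Add-MailboxPermission -Identity $mbx.Identity -User $Trustee `
            -AccessRights FullAccess | Out-Null
        $action = "Granted"
    }

    # One line per change: timestamp, mailbox, trustee, action.
    $line = "{0},{1},{2},{3}" -f (Get-Date -Format s),
        $mbx.PrimarySmtpAddress, $Trustee, $action
    Add-Content -Path $LogPath -Value $line
}
```

Running it once with `-ReportOnly` shows which mailboxes would change before the task is scheduled; the CSV log then records when each mailbox was opened up to the group.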