locked
Exchange 2010 Permission Assistance Needed with WorkSite RRS feed

  • Question

  • Hello,

    I need to grant our WorkSite AD account the proper Exchange permissions so the account has the ability to file emails into our document management system. Here is the requesting permissions.

    • Has a minimum of the following permissions at the Exchange Server level, Information Store Level, and user mailbox Level
    • Exchange 2010: Write, Read, Send As

    Can someone assist me in accomplishing this task? This is all of the documentation I have to go off of. I need this setup where all current mailboxes are applied these settings and all new mailboxes created moving forward also receive these settings. Thanks


    Jason

    Tuesday, August 14, 2012 7:21 PM

Answers

  • You can use genericaAll but that probably won't be enough, AD perms don't translate into Exchange perms but rather allows you to impersonate certain rights. Use below

    get-mailboxserver exchange2010 | add-adpermission -user worksitecomm -accessrights GenericAll, -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

    The above is similar to configuring BES which is likely the exact same permissions your app needs however BES doesn't use GenericAll but just read\write.

    get-mailboxserver <Exchange 2007> | add-adpermission -user <BESAdmin> -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

     

     


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Wednesday, August 15, 2012 1:39 AM

All replies

  • This is the command I think I should use.

    Get-MailboxDatabase -Identity 'db-o' | Add-ADPermission -User worksitecomm -AccessRights GenericAll

    Identity             User                 Deny  Inherited
    --------             ----                 ----  ---------
    DB-O                 LAWFIRM\WorkSiteComm False False

    Does this look correct? Does GenericAll give Send-As permissions as well?


    Jason

    Tuesday, August 14, 2012 8:52 PM
  • You can use genericaAll but that probably won't be enough, AD perms don't translate into Exchange perms but rather allows you to impersonate certain rights. Use below

    get-mailboxserver exchange2010 | add-adpermission -user worksitecomm -accessrights GenericAll, -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

    The above is similar to configuring BES which is likely the exact same permissions your app needs however BES doesn't use GenericAll but just read\write.

    get-mailboxserver <Exchange 2007> | add-adpermission -user <BESAdmin> -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

     

     


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Wednesday, August 15, 2012 1:39 AM
  • Hi Jason,

    Any updates?

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Frank Wang

    TechNet Community Support

    Thursday, August 16, 2012 2:21 AM
  • Hello,

    Thank you all for the assistance here. I talked with the Systems Manager today and he reports to having no MAPI errors for our DMS.

    I did not use James Powershell command but I have no doubt that it would have resolved my issue.

    J


    Jason

    Thursday, August 16, 2012 5:44 PM