Full Access permissions automatically to mailbox for a service account

Question
Hi,
In Exchange 2007 with all the patches installed...
Is it somehow possible to set up Full Access permission to all mailboxes for a service account? I know it is possible to do this with a PowerShell script and schedule it to be run regularly. But... is it possible that every time I add a new user account, Full Access permission for a certain user account would be there immediately?
There is already a similar setup configured in this Exchange environment for another service account to have Send As permissions automatically and immediately. Unfortunately I can't remember how this has been done...
Best regards,
Toni
www.triuvare.fi
Wednesday, April 11, 2012 7:04 PM
Answers
Hi Toni,
I checked in my lab and cannot make Full Access permission work on newly created mailboxes.
For the Send As permission, you can follow this way to make it work on newly created mailboxes:
Grant "send as" permission at the domain or OU level:
Use one account that has Domain Admin permission of the domain, or Enterprise Admin permissions.
Run this command to grant "send as" permission at the domain or OU level:
Add-ADPermission "<DN of Domain or OU>" -User "Domain\New Service Account" -ExtendedRights "send as" -InheritedObjectType user
After that service account will have send as permission on the users in that domain or OU.
Thanks,
Evan Liu
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
Evan Liu
TechNet Community Support
- Marked as answer by Toni Rantanen Friday, April 13, 2012 9:53 AM
Friday, April 13, 2012 9:12 AM Moderator
All replies
Give Receive as Perms to the entire mailbox database:
http://technet.microsoft.com/en-us/library/aa996343(v=exchg.80).aspx
How to Allow Mailbox Access
Wednesday, April 11, 2012 8:58 PM -
Hi,
Thanks for your reply but unfortunately this doesn't seem to work. Here is how I tested:
- ran successfully command: Add-ADPermission -Identity "Mailbox Store" -User "Trusted User" -ExtendedRights Receive-As
- created new user to the mailbox store where I have given the permissions
- checked from the new user's Manage Full Access Permissions view in Exchange Management Console but unfortunately there was only "NT AUTHORITY\SELF", not the "Trusted User"
Any other suggestions?
Best regards,
Toni
www.triuvare.fi
Thursday, April 12, 2012 5:28 AM -
You will not be able to see this permission in Mailbox permission. As you see we have run the command Add-ADpermission. You can check on the user in AD whether the permission has been inherited from Mailbox store or not.
Did you try to access the mailbox using that service account?
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Hasnain Shaikh| My blogs: http://messagingserversupport.com
Thursday, April 12, 2012 6:14 AM -
Hi,
I tried logging in to OWA with the service account and tried to open another user's mailbox from the store where I had given the permission before. I got an error message: "You do not have permission to open this mailbox. For access or for more information, contact technical support for your organization.".
Is there any way to do this so that the permission (Full Access) would be visible in Exchange Management Console as well?
Best regards,
Toni
www.triuvare.fi
Thursday, April 12, 2012 6:23 AM -
Let's try this. It worked in my lab environment.
Get-Mailboxdatabase | Add-ADPermission -User serviceaccount -AccessRights ExtendedRight -ExtendedRights ms-exch-store-admin, receive-as
- Edited by Hasnain Shaikh Thursday, April 12, 2012 6:35 AM
Thursday, April 12, 2012 6:35 AM -
Hi Toni,
Yes, that will only work for existing mailboxes; for newly created mailboxes, you need to run that command again.
You can also try Andy's suggestion; I checked in my lab (Exchange 2007 SP3), and this will not work on newly created mailboxes.
Thanks,
Evan Liu
TechNet Subscriber Support in forum
Evan Liu
TechNet Community Support
Thursday, April 12, 2012 8:33 AM Moderator -
Let's try this. It worked in my lab environment.
Get-Mailboxdatabase | Add-ADPermission -User serviceaccount -AccessRights ExtendedRight -ExtendedRights ms-exch-store-admin, receive-as
@Hasnain
Did you test on a newly created mailbox?
I followed your way to test in my lab, and I cannot open the newly created mailbox.
Thanks,
Evan Liu
TechNet Subscriber Support in forum
Evan Liu
TechNet Community Support
Thursday, April 12, 2012 9:30 AM Moderator -
Hi Evan,
Thanks. So the answer to my original question is that this is not possible.
Thanks for clearing up for me the difference between Send As and Full Access permissions. Now I understand how the existing service account + Send As works automatically.
I will create a script and schedule it to be run regularly.
Best regards,
Toni
www.triuvare.fi
Friday, April 13, 2012 9:53 AM
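
The scheduled script the thread ends on could look like the following. This is an added example, not code from any participant in the thread: it grants Full Access only where the service account lacks it and writes every change to a log so the broad grant stays auditable. The account name, log path and the -ReportOnly switch are assumptions made for illustration.

```powershell
# Added example: reconcile Full Access for one service account (Exchange 2007 shell).
# The default values below are placeholders (assumptions), not values from the thread.
param(
    [string]$ServiceAccount = 'DOMAIN\svc-mailbox',            # hypothetical account
    [string]$LogPath        = 'C:\Logs\FullAccessGrants.csv',  # hypothetical log file
    [switch]$ReportOnly                                        # list gaps, change nothing
)

# A scheduled task starts plain powershell.exe, so load the Exchange 2007 snap-in.
$snapin = 'Microsoft.Exchange.Management.PowerShell.Admin'
if (-not (Get-PSSnapin -Name $snapin -ErrorAction SilentlyContinue)) {
    Add-PSSnapin $snapin
}

foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # Skip mailboxes where the account already holds an allow entry for FullAccess.
    $existing = Get-MailboxPermission -Identity $mbx.Identity -User $ServiceAccount |
        Where-Object { ($_.AccessRights -like 'FullAccess') -and (-not $_.Deny) }
    if ($existing) { continue }

    if ($ReportOnly) {
        $action = 'missing'
    } else {
        $grantErr = $null
        Add-MailboxPermission -Identity $mbx.Identity -User $ServiceAccount `
            -AccessRights FullAccess -ErrorAction SilentlyContinue `
            -ErrorVariable grantErr | Out-Null
        if ($grantErr) { $action = 'failed' } else { $action = 'granted' }
    }

    # One line per mailbox touched: timestamp, mailbox, account, outcome.
    $line = '{0},{1},{2},{3}' -f (Get-Date -Format s), $mbx.PrimarySmtpAddress,
        $ServiceAccount, $action
    Add-Content -Path $LogPath -Value $line
}
```

Running it first with -ReportOnly shows which mailboxes would change; the log then doubles as a record of when each mailbox became readable by the service account.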