Access to all mailbox for administrator in Exchange 2010
Hi All, I am trying to grant access to receive as and send as permission to all mail box to a specific security group or a services account. I already know exchange denied the ‘Receive-As’ permission at the organization level. that should not conflict to this setup due to the services account is not a sys admin account. I know I can add individual full permission control by add-MailboxPermission but it does not apply to any mailbox will be created in the future. I also tried the suggestion from http://theessentialexchange.com/blogs/michael/archive/2009/09/29/exchange-server-2010-administrative-access-to-all-mailboxes.aspx It use add-AdPermission But at this point I am not sure what I need to put in the Identity parameters. Add-AdPermission –Identity “CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=local” –User EXAMPLE\TEST –InheritedObjectType msExchPrivateMDB –extendedRights Receive-As –inheritanceType Descendents Have you gays had any suggestion how do I move forward? Thanks in advance Best Regard Vincent L
March 6th, 2010 2:07pm

It use add-AdPermission But at this point I am not sure what I need to put in the Identity parameters. Add-AdPermission –Identity “CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=local” –User EXAMPLE\TEST –InheritedObjectType msExchPrivateMDB –extendedRights Receive-As –inheritanceType Descendents Have you gays had any suggestion how do I move forward? Thanks in advance Best Regard Vincent L This identity represents the container where all mailbox databases exist in Active Directory. It is the Distinguished Name of the container "Databases" which is used in above command. You can get this Distinguished Name by two ways 1. Run following command in EMS get-mailboxDatabase |fl DistinguishedName It will return the DNs of all the MBX DBs like this “CN=Mailbox Database,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=local” Discard the name of the Mailbox Database (i.e first CN= entry) and select the container DN from this which will be: CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=local” 2. You can see this using ADSIEdit.msc tool. Open ADSIEdit and then go to "Configuration-> Services->Microsoft Exchange->YourExchangeOrgnaizationName->Administrative Groups->Exchange Administrative Group (FYDIBOHF23SPDLT)->Databases-> you can see its DN by looking at the property of this "Databases" container. Hope this helps. Regards, Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com
Free Windows Admin Tool Kit Click here and download it now
March 6th, 2010 2:39pm

You can keep it simple, assuming your database name is "Mailbox Database" you can simply set this to Get-MailboxDatabase -Identity "mailbox database" | Add-AdPermission –User EXAMPLE\TEST –InheritedObjectType msExchPrivateMDB –extendedRights Receive-As –inheritanceType Descendents Cheers
March 7th, 2010 3:01am

You can keep it simple, assuming your database name is "Mailbox Database" you can simply set this to Get-MailboxDatabase -Identity "mailbox database" | Add-AdPermission –User EXAMPLE\TEST –InheritedObjectType msExchPrivateMDB –extendedRights Receive-As –inheritanceType Descendents Cheers Yes it can be done like this but OP was asking to set the permission on the root container "Databases" and this command will set permission individually on the all Mailbox Databases itself. Regards,Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com
Free Windows Admin Tool Kit Click here and download it now
March 7th, 2010 4:40pm

Thanks Guys, I think Laeeq's solution is the best apporpach.Best Regard Vincent L
March 8th, 2010 9:11am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics