Domain Admins Full Mailbox Access...
I have spent several hours and cannot figure out how to add the domain admins group to have full mailbox access. I want them to be able to login to any mailbox, read the email if necessary and send email. I have used the following commands with my information:
Add-ADPermission -Identity "First Storage Group" -User "domain admins" -ExtendedRights Receive-As
Add-ADPermission -Identity "First Storage Group" -User "domain admins" -ExtendedRights Send-As
I've read that domain admins have an explicit deny which overrides my allow but I cannot for the life of me figure out how to remove the deny. I have tried the following:
Remove-ADPermission -Identity "First Storage Group" -User "Domain Admins" -ExtendedRights Receive-As -deny
I am greeted with the message:
WARNING: An inherited access control entry has been specified: [Rights: ExtendedRight, ControlType: Deny] and was ignored on object "CN=First Storage Group....
Any help would be greatly appeciated...
April 15th, 2008 9:38pm
John,You could use the following command:Add-MailboxPermission "Test user" -AccessRights FullAccess -user "administrator"The last parameter can also be a group, see the following page Regards,Johan
Free Windows Admin Tool Kit Click here and download it now
April 15th, 2008 10:39pm