Hello After Microsoft finally introduced ABP`s I have now started transitioning from Exchange 2003 FE/BE (manually hosted) to Exchange 2010 SP2 ABP. Everything works as expected but there is one niggling little detail that I really can`t find a straight answer to. Being an administrator company policy allows me to access all mailboxes in my entire Exchange 2003, which was easy to set up and which has proven invaluable in the past. In Exchange 2010 this unfortunately is a nightmare. What I am looking for is a Powershell command that can give a user or preferably a group permissions to access to ALL mailboxes in ALL databases on ALL Exchange 2010 SP2 mailboxservers, both existing mailboxes, new mailboxes added in the future and moved mailboxes (from E2003) mailboxes. The command must also interpret the -Automapping $false setting. Can this be done? I tried to accomplish this in an stand-alone Exchange 2010 SP1 installation but after much back and forth I ended up giving myself individual access through EMC on every mailbox only for the Automapping feature to completely ruin my Outlook when I tried to open it. To have access to all mailboxes is a feature that in my view should have been be granted through management roles in Exchange 2010 (like Import/Export is), but since it is not I was wondering if someone has a absolutely proven PowerShell command to provide this (since I hate to tamper too much with permissions in an Exchange 2010 installation, it HAS to work first time!). Anyone?

You just grant receive rights to all the DBs. Get-MailboxDatabase -server "<server name>" | Add-ADPermission -User "<group name>" -ExtendedRights Receive-As How to Allow Mailbox Access http://technet.microsoft.com/en-us/library/aa996343(v=exchg.80).aspxJames Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

You just grant receive rights to all the DBs. Get-MailboxDatabase -server "<server name>" | Add-ADPermission -User "<group name>" -ExtendedRights Receive-As How to Allow Mailbox Access http://technet.microsoft.com/en-us/library/aa996343(v=exchg.80).aspxJames Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Hi Maddas69, Any updates? The following link is for Exchange 2010: Allow Mailbox Access http://technet.microsoft.com/en-us/library/aa996343.aspxFrank Wang TechNet Community Support

Thank you both. I will try this out on a test database and get back to you with points. BTW: What about -automapping $false? Is this only usable on single mailboxes?

Fantastic :-) Works as expected on my test DB when I ran the command Get-MailboxDatabase -Identity "<DB>" | Add-ADPermission -User "<group>" -ExtendedRights Receive-As I made my own group under "Microsoft Exchange Security Groups" for use with the command, and tested with adding and removing my Admin account to and from it. Works instantly, and was a good way of doing it to have full control over who gets the access or not. For other readers; AFAICS this way of setting permissions also gets rid of the -Automapping problem Good work James, much appreciated :-)