Full Access Exchange 2007
Hi all my helpdesk need full access to mailboxes and the ability to add or remove full access for normal users on shared mailboxes. via the Exchange 2007 console
I applied the send as right on each database to the group therefore giving them full access but the still cant change the full access permissions on mailboxes.
Do I need to give the security group full access directly on the mailboes instead?
I have already added them to recipient admins but dont want to give them any higher exchange org right.
On a second note the also need the ability to disable mailboxes and reattch, they seem to be only able to do this with Exch Org Rights.
THanks
April 23rd, 2010 2:52pm
Anyone able to shed some light on this?
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2010 10:13am
Hi,
To correctly modify the mailbox permissions through the Exchange Management Shell, you must have the following permissions:
Exchange View-Only Administrator role Administer Information Store permission granted on the mailbox store where the mailbox resides
Write permission granted on the mailbox store where the mailbox resides
Apart of this you must have "Exchange Recipient Administrator role " proivde for create and delete Exchange 2007 users, which you don't want to assign users.
Please visit below URL for all your permission question.
Exchange 2007 Permissions: Frequently Asked Questions:
http://technet.microsoft.com/en-us/library/bb310792(EXCHG.80).aspx#ManagementAnil
April 24th, 2010 7:51pm
Hi,
To add or remove full access for normal users on shared mailboxes, your helpdesk must in 'Exchange View-Only Administrator" group(ability to
view the permission of mailbox). And then you need to add the ChangePermission of mailbox for helpdesk:
1. Open Exchange Management Shell
2. type in:
Add-MailboxPermission
helpdesk -User:'Help Desk Permissions Group' -AccessRights:Changepermisison
Note: I assumed that
helpdesk is the User logon name of the shared mailbox; Help Desk Permissions Group is your helpdesk security group name. Additionally, helpdesk need to restart the Exchange Managment console to apply the change.
To disable or reconnect the mailbox, Helpdesk must in "Exchange Recipient Administrator" group, also need to log off and log into the
account to apply the change. The disabled mailbox does not appear in Exchange 2007 console. To reconnect the mailbox, you have to run the Connect-Mailbox cmdlet in Exchange Shell. More information, please refer the followling link:
Recipient Cmdlets
http://technet.microsoft.com/en-us/library/bb124233(EXCHG.80).aspx
Free Windows Admin Tool Kit Click here and download it now
April 27th, 2010 2:37pm
Found this posted by AMIT
I just tested this in my test environment. You can run below command which gives "Administer Information Store" (ms-Exch-Store-Admin) rights to your helpdesk staffs that allow them to give full access rights to all
users of your Exchange organization.
Add-ADPermission -Identity "CN=CompanyOrg ,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=company ,DC=com" -User "company\HelpDeskStaffs
" -ExtendedRights ms-Exch-Store-Admin -InheritanceType All
Reference:
Recipient Permission Delegation in Exchange Server 2007
http://msexchangeteam.com/archive/2006/11/03/430350.aspx
Amit Tank || MVP - Exchange || MCITP - Exchange 2007 || http://ExchangeShare.WordPress.com
April 28th, 2010 9:36am