Hi all my helpdesk need full access to mailboxes and the ability to add or remove full access for normal users on shared mailboxes. via the Exchange 2007 console I applied the send as right on each database to the group therefore giving them full access but the still cant change the full access permissions on mailboxes. Do I need to give the security group full access directly on the mailboes instead? I have already added them to recipient admins but dont want to give them any higher exchange org right. On a second note the also need the ability to disable mailboxes and reattch, they seem to be only able to do this with Exch Org Rights. THanks

Anyone able to shed some light on this?

Hi, To correctly modify the mailbox permissions through the Exchange Management Shell, you must have the following permissions: Exchange View-Only Administrator role Administer Information Store permission granted on the mailbox store where the mailbox resides Write permission granted on the mailbox store where the mailbox resides Apart of this you must have "Exchange Recipient Administrator role " proivde for create and delete Exchange 2007 users, which you don't want to assign users. Please visit below URL for all your permission question. Exchange 2007 Permissions: Frequently Asked Questions: http://technet.microsoft.com/en-us/library/bb310792(EXCHG.80).aspx#ManagementAnil

Hi, To add or remove full access for normal users on shared mailboxes, your helpdesk must in 'Exchange View-Only Administrator" group(ability to view the permission of mailbox). And then you need to add the ChangePermission of mailbox for helpdesk: 1. Open Exchange Management Shell 2. type in: Add-MailboxPermission helpdesk -User:'Help Desk Permissions Group' -AccessRights:Changepermisison Note: I assumed that helpdesk is the User logon name of the shared mailbox; Help Desk Permissions Group is your helpdesk security group name. Additionally, helpdesk need to restart the Exchange Managment console to apply the change. To disable or reconnect the mailbox, Helpdesk must in "Exchange Recipient Administrator" group, also need to log off and log into the account to apply the change. The disabled mailbox does not appear in Exchange 2007 console. To reconnect the mailbox, you have to run the Connect-Mailbox cmdlet in Exchange Shell. More information, please refer the followling link: Recipient Cmdlets http://technet.microsoft.com/en-us/library/bb124233(EXCHG.80).aspx

Found this posted by AMIT I just tested this in my test environment. You can run below command which gives "Administer Information Store" (ms-Exch-Store-Admin) rights to your helpdesk staffs that allow them to give full access rights to all users of your Exchange organization. Add-ADPermission -Identity "CN=CompanyOrg ,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=company ,DC=com" -User "company\HelpDeskStaffs " -ExtendedRights ms-Exch-Store-Admin -InheritanceType All Reference: Recipient Permission Delegation in Exchange Server 2007 http://msexchangeteam.com/archive/2006/11/03/430350.aspx Amit Tank || MVP - Exchange || MCITP - Exchange 2007 || http://ExchangeShare.WordPress.com