Hello, I have created a Mail Enabled Security Group. I then added several members to the group. I granted this group Full access to a mailbox using the following command: Add-MailboxPermission mailboxName -User GroupName -AccessRights FullAccess However the members of the group are unable to access the mailbox. This same procedure worked fine under Exchagne 2007. Are there some additional permissions that need to be granted under Exchange 2010 to allow groups to be used for full access. Thanks Bill

May have to wait for permission to take effetc, it can take up to 2 hours, or if you can restart the IS service.Sukh

Maybe a dumb question, but have you had the users log off their computers and back on to pick up the new group on their acounts before trying to access it? We do the same thing with groups on Exchange 2010, and it works fine. Try Outlook Web to open the other mailbox. It will rule out some kind of Outlook client config as long as they have logged off and back on to pick up the new group.

Maybe a dumb question, but have you had the users log off their computers and back on to pick up the new group on their acounts before trying to access it? We do the same thing with groups on Exchange 2010, and it works fine. Try Outlook Web to open the other mailbox. It will rule out some kind of Outlook client config as long as they have logged off and back on to pick up the new group. good point.Sukh

Hi, The tests we are running are all use Outlook Web App 2010. One thing that I did forget to mention is: The Mailboxes and the Groups were migrated from the 2007 environment. I have updated all of the mailboxes and groups to exchange 2010. The message I am getting from owa is: Your mailbox appears to be unavailable. Try to access it again in 10 seconds. If you see this error again, contact your helpdesk. If I add one of the user accounts directly then the access works fine.

What type of group is it? Universal?Sukh

Hi, The similar question has been posted here: http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/9840fd13-daf8-45aa-ab35-4a827f1ba1e0/ It could be a bug. Until now there is no a prefect solution to solve this problem. Anyway I will report this issue again to a higher level support. Once I get any feeback I will post here.Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

I've just tested this. Created a universal security group called FMAccess, added in user1 & user2. I then gave FMAccess full access permission to User3. This works. I did this all via the EMC and not the EMS Sukh

Hello, Yes they are all universal groups. Bill

Is the test I did what youre trying to achieve? Can you do those same steps?Sukh

We haven't had any problems with this at all. The command I use is: Add-MailboxPermission -identity mailboxyouaregivenaccessto@domain.com -User 'Domain\GroupName' -AccessRights 'FullAccess' No problems at all in our enviornment with this setup. We are Exchange 2010 SP1 (no rollups even).

thanks, seems like an issue with that env, did you try and test again, create a new profile in online mode and testSukh

I would try Outlook to rule out something weird going on with Outlook Web as well. We use this setup quite extensively in our environment. All the security groups are in a OU in AD that the help desk can control and grant access/remove access for our departmental shared mailboxes. Been working great on both 2007, and 2010.

Hello, I have essentially the same procedure. I am not using the EMC. The groups are created using ILM 2007 and the groups are given access using: add-mailboxpermission -identity mailboxIdentity -user groupIdentity -AccessRights FullAccess -InheritanceType All Bill

Perhaps its a bug introduced by Rollup 5 which we are running. Exchange 2010 SP1 RU5 on Windows 2008 R2 SP1. Bill

Hello, We have the same problem with outlook. The group members cannot gain access to the Mailbox. Adding the user directly to the mailbox gives them access. All groups are Universal Mail Enabled Security Groups. The mailboxes as well as the groups were upgraded from Exchange 2007 to Exchange 2010. Bill

Im on rollup 5 and the same OS as you. Can you try doing manually like I have and test?Sukh

Hello, I have done this manually as well and it did not work. Bill

The whole process of creating the group manually and using EMC etc.....?Sukh

Did it work pre Rollup 5? It works in my environment I assure you (if it didn't, it would be a big mess). Do you have any inheritence issues on the AD accounts? Make sure inheritence is turned on in AD on the security tab for the mailbox account you are granting access too. If any of those accounts are in groups such as "account operators" inheritence can get turned off. I can grant access to a basic univeral security group in AD, as well as mail enabled universal security groups within Exchange, and it works in Outlook Web and Outlook. If you try with a non mail enabled security group, does it work?

Hello, I am still contending with this issue. Does anyone have any ideas on what I might try? Bill

I see no recent posts to this, but we had the same problem of groups not working with shared mailboxes. I came here initially and eventually found http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/9840fd13-daf8-45aa-ab35-4a827f1ba1e0. Sukh828's number 4 item resolved it, as with others. It's an issue with migrating from older Exchange where new permissions for the Exchange Servers group are added into AD, but it may not get the right permissions it needs. If you give the group Full Control in AD, it can then read and set the group permissions. It seems to be a migration glitch, as some migrations get the right permissions for Exchange Servers in AD, but others do not.