How to assign fullaccess permission on a mailbox
Hello I have a security group called "Help desk". I need to assign full access to the group on all mailboxes on a databse so that they can open the mailboxes using OWA. I used this command which works. Get-Mailbox -ResultSize Unlimited -Database "DatabaseName" | Add-mailboxpermission –user "Help desk" –AccessRights FullAccess However, I need them to have access to any newly created mailbox on that database and not only the ones that were present at the time of issuing the command. How can we set this once for all for that group? We don't want to run this for any new mailboxes. We still have exchange 2007 SP2 Thanks
May 26th, 2011 8:45pm

You have to run this for new mailboxes. you can assign the permissions when you create the mailbox. new-mailbox | add-permission
Free Windows Admin Tool Kit Click here and download it now
May 26th, 2011 8:54pm

But we don't want to run anything for new mailboxes. We want this to be inherited to any new mailbox created on that database.
May 26th, 2011 8:58pm

http://technet.microsoft.com/en-us/library/aa996343.aspx See the section "Use the Shell to grant Receive As permission for a mailbox database "
Free Windows Admin Tool Kit Click here and download it now
May 26th, 2011 9:01pm

Do we need a combination of fullaccess and receive-as or just receive-as? All we need for these users is to be able to open the mailbox using OWA.
May 26th, 2011 9:06pm

Recieve As is the mininum required to open a mailbox, however OWA requires explicit full mailbox access to open: http://technet.microsoft.com/en-us/library/aa998830(EXCHG.80).aspx
Free Windows Admin Tool Kit Click here and download it now
May 26th, 2011 9:20pm

That won't work for OWA and hence my question.
May 26th, 2011 9:22pm

That won't work for OWA and hence my question. Yep, caught that OWA requirement at the last minute. Your only other option is to create a scheduled task that grants full access or assign when you create the mailbox.
Free Windows Admin Tool Kit Click here and download it now
May 26th, 2011 9:25pm

No problem. As I thought, the only way is to grant full access for the entire DB and then somehow query the newly created MBX and do it again. I just need to confirm that's pretty much it and there is no way around.
May 26th, 2011 9:31pm

Well, there kinda is. You can access web parts : http://technet.microsoft.com/en-us/library/bb232199(EXCHG.80).aspx But you would still need permissions to specfic folders and not at the store level.
Free Windows Admin Tool Kit Click here and download it now
May 26th, 2011 9:38pm

It's mainly for our help desk to check mobile devices status so we don't really care about folder permissions.
May 26th, 2011 9:42pm

Hi, Run this cmdlet to grant FullAccess permission on database level(all the mailbox include newly creating) Add-ADPermission -Identity "Mailbox Database" -User "User-Account" -ExtendedRights Receive-AsPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
May 30th, 2011 5:29am

jason, This is what I am getting with your command: You do not have permission to open this mailbox. For access or for more information, contact technical support for your organization.
May 31st, 2011 6:34pm

Hi, The user account type should be User instead of Security group. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
June 1st, 2011 5:52am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics