Background: Single Exchange 2007 Server on a Win 2008 ServerI'm trying to give a domain service account "receive as" permission to all mailboxes in a Mailbox store in Exchange 2007 using the EMC. I use the following syntax: add-ADPermission -identity "First Storage Group" -user "admin_srv_migration" -ExtendedRights Receive-AsI get the error: Add-ADPermission : There are multiple objects matching the identity "First Storage Group". Please specify an unique value.I only have two mailbox storage groups. One is for public folders and one for mailboxes. First Storage Group is my mailbox store. Anyone any ideas?thanks,paddy ryan

Hi there,Try Mailbox or Mailbox Database:Example on a Mailbox Database:Add-ADPermission -Identity "Mailbox Store" -User "Trusted User" -ExtendedRights Receive-AsMore information:"How to allow Mailbox Access" http://technet.microsoft.com/en-us/library/aa996343(EXCHG.80).aspxYou should be able to pipe also. Example:To add to all Databases on all Exchange 2007 Servers in your Org:Get-MailboxServer | Add-ADPermission -User "Trusted User" -ExtendedRights Receive-AsTo add to all 2007 Databases in your Org, when inheritance has been dissallowed for whatever reason:Get-MailboxDatabase | Add-ADPermission -User "Trusted User" -ExtendedRights Receive-AsYou may have better luck with your command with:add-ADPermission -identity "SERVERNAME\First Storage Group" -user "admin_srv_migration" -ExtendedRights Receive-AsOliver Oliver Moazzezi | Exchange MVP, MCSA:M, MCTS:Exchange 2010, BA (Hons) Anim | http://www.exchange2007.com | http://www.exchange2010.com | http://www.cobweb.com |

On Mon, 25-Jan-10 12:22:35 GMT, paddyryan wrote:>Background: Single Exchange 2007 Server on a Win 2008 ServerI'm trying to give a domain service account "receive as" permission to all mailboxes in a Mailbox store in Exchange 2007 using the EMC. I use the following syntax: add-ADPermission -identity "First Storage Group" -user "admin_srv_migration" -ExtendedRights Receive-AsI get the error: Add-ADPermission : There are multiple objects matching the identity "First Storage Group". Please specify an unique value.I only have two mailbox storage groups. One is for public folders and one for mailboxes. First Storage Group is my mailbox store. Anyone any ideas?thanks,>paddy ryan Is "First Storage Group" the name of the mailbox database??To see the identities of your mailbox databases, use:Get-MailboxDatabase | select identityTo see the identities of your storage groups, use:Get-StorageGroup | select identity---Rich MatheisenMCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Rich, The output of the command Get-MailboxDatabase | select identity was: ServerName\First Storage Group\Mailbox DatabaseSo should my original command be add-ADPermission -identity "ServerName\First Storage Group\Mailbox Database" -user "admin_srv_migration" -ExtendedRights Receive-As ?thanks, paddy ryan

Rich, if it is that right command i'm still getting an error: Add-ADPermission : servername\First Storage Group was not found. Please make sure you have typed it correctly.I've tried the command: add-ADPermission -identity "servername\First Storage Group\Mailbox Database" -user "admin_srv_migration" -ExtendedRights Receive-Asand: add-ADPermission -identity "servername\First Storage Group" -user "admin_srv_migration" -ExtendedRights Receive-Asboth return the error: Add-ADPermission : servername\First Storage Group was not found. Please make sure you have typed it correctly.any ideas?paddy ryan

Rich, if it is that right command i'm still getting an error: Add-ADPermission : servername\First Storage Group was not found. Please make sure you have typed it correctly.I've tried the command: add-ADPermission -identity "servername\First Storage Group\Mailbox Database" -user "admin_srv_migration" -ExtendedRights Receive-Asand: add-ADPermission -identity "servername\First Storage Group" -user "admin_srv_migration" -ExtendedRights Receive-Asboth return the error: Add-ADPermission : servername\First Storage Group was not found. Please make sure you have typed it correctly.any ideas? paddy ryan Try Mailbox or Mailbox Database:Example on a Mailbox Database:Add-ADPermission -Identity "Mailbox Store" -User "Trusted User" -ExtendedRights Receive-AsMore information:"How to allow Mailbox Access" http://technet.microsoft.com/en-us/library/aa996343(EXCHG.80).aspxYou should be able to pipe also. Example:To add to all Databases on all Exchange 2007 Servers in your Org:Get-MailboxServer | Add-ADPermission -User "Trusted User" -ExtendedRights Receive-AsTo add to all 2007 Databases in your Org, when inheritance has been dissallowed for whatever reason:Get-MailboxDatabase | Add-ADPermission -User "Trusted User" -ExtendedRights Receive-AsOliver Moazzezi | Exchange MVP, MCSA:M, MCTS:Exchange 2010, BA (Hons) Anim | http://www.exchange2007.com | http://www.exchange2010.com | http://www.cobweb.com |

Please use the cmdlets below: Get-Mailbox -Database "Mailbox Database" | Add-ADPermission -User "admin_srv_migration" -AccessRights extendedright -ExtendedRights "Receive-As"James Luo TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx) If you have any feedback on our support, please contact tngfb@microsoft.com

oliver, i tried the commands you suggested but they didn't work paddy ryan

James, The output of: Get-Mailbox -Database "Mailbox Database" | Add-ADPermission -User "admin_srv_migration" -AccessRights extendedright -ExtendedRights "Receive-As"generates the following error: Add-ADPermission : Failed to resolve the specified user or group "admin_srv_migration." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust."At line:1 char:60The account does exist however, i've confirmed that through AD users and computers. thoughts? paddy ryan

You changed "Trusted User" to your Group right?OliverOliver Moazzezi | Exchange MVP, MCSA:M, MCTS:Exchange 2010, BA (Hons) Anim | http://www.exchange2007.com | http://www.exchange2010.com | http://www.cobweb.com |

Hi,Look in the Exchange Management Console under Recipient Configuration | Distribution Group | and locate your required Group here. Take note of the Display Name here and use that in the commandGet-Mailbox -Database "Mailbox Database" | Add-ADPermission -User "The Display Name Here" -AccessRights extendedright -ExtendedRights "Receive-As"OliverOliver Moazzezi | Exchange MVP, MCSA:M, MCTS:Exchange 2010, BA (Hons) Anim | http://www.exchange2007.com | http://www.exchange2010.com | http://www.cobweb.com |

Hi,Look in the Exchange Management Console under Recipient Configuration | Distribution Group | and locate your required Group here. Take note of the Display Name here and use that in the commandGet-Mailbox -Database "Mailbox Database" | Add-ADPermission -User "The Display Name Here" -AccessRights extendedright -ExtendedRights "Receive-As"Oliver Oliver Moazzezi | Exchange MVP, MCSA:M, MCTS:Exchange 2010, BA (Hons) Anim | http://www.exchange2007.com | http://www.exchange2010.com | http://www.cobweb.com | Oliver, what group are you referring to?I want to give the AD account "admin_srv_migration_e6int" Receive As rights on every mailbox in the "First Storage Group" on my Exc 2007 server. I use the command: Get-Mailbox -Database "Mailbox Database" | Add-ADPermission -User "admin_srv_migration_e6int" -AccessRights extendedright -ExtendedRights "Receive-As"However i get the error: Add-ADPermission : Failed to resolve the specified user or group "admin_srv_migration_e6int." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust."The account admin_srv_migration_e6int exists in AD. Thoughts?paddy ryan

Apologies I was in Group mode with some Exchange 2010 stuff i'm working on at the moment :-)Is the account Mailbox Enabled? What is it's DisplayName in Recipient Configuration | MailboxUse this in the command. If for example the result is The Display Name Here:Get-Mailbox -Database "Mailbox Database" | Add-ADPermission -User "The Display Name Here" -AccessRights extendedright -ExtendedRights "Receive-As"OliverOliver Moazzezi | Exchange MVP, MCSA:M, MCTS:Exchange 2010, BA (Hons) Anim | http://www.exchange2007.com | http://www.exchange2010.com | http://www.cobweb.com |

Apologies I was in Group mode with some Exchange 2010 stuff i'm working on at the moment :-)Is the account Mailbox Enabled? What is it's DisplayName in Recipient Configuration | MailboxUse this in the command. If for example the result is The Display Name Here:Get-Mailbox -Database "Mailbox Database" | Add-ADPermission -User "The Display Name Here" -AccessRights extendedright -ExtendedRights "Receive-As"Oliver Oliver Moazzezi | Exchange MVP, MCSA:M, MCTS:Exchange 2010, BA (Hons) Anim | http://www.exchange2007.com | http://www.exchange2010.com | http://www.cobweb.com | Ok I mail enabled the account and the command seem to work. It gave me the output: Identity User Deny Inherited Rights-------- ---- ---- --------- ------e6int.com/Group I... E6\admin_srv_migr... False False Receive-Ase6int.com/GBTEC/O... E6\admin_srv_migr... False False Receive-AsHowever If i look at the security | advanced properties of one of the mailboxes it doesn't show the account i just gave the receive as right to. Should it show it?Is there a command i can run to see what extended rights a mailbox has had applied to it?thanks again. paddy ryan

On Tue, 26-Jan-10 08:45:37 GMT, paddyryan wrote:>Rich, if it is that right command i'm still getting an error: Add-ADPermission : servername\First Storage Group was not found. Please make sure you have typed it correctly.I've tried the command: add-ADPermission -identity "servername\First Storage Group\Mailbox Database" -user "admin_srv_migration" -ExtendedRights Receive-Asand: add-ADPermission -identity "servername\First Storage Group" -user "admin_srv_migration" -ExtendedRights Receive-Asboth return the error: Add-ADPermission : servername\First Storage Group was not found. Please make sure you have typed it correctly.any ideas?Okay . . . assuming that "Mailbox Database" is the name of thedatabase, and that it's unique among all the mailbox databases in yourExchange organization, try this (running it on the Exchange server):get-mailboxdatabase "mailbox database" | add-adpermission etc.---Rich MatheisenMCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Quote: “Is there a command i can run to see what extended rights a mailbox has had applied to it?” Get-ADPermission shall get you the output of granted permissions on the usersJames Luo TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx) If you have any feedback on our support, please contact tngfb@microsoft.com

However If i look at the security | advanced properties of one of the mailboxes it doesn't show the account i just gave the receive as right to. Should it show it?thanks again. paddy ryan There are two copies of the security descriptor that holds receive-as, one in the AD and one on the mailbox in the store. They are typically out of sync temporarily if you make a change, especially if you make a change to the AD while the mailbox is not logged into. If you logon to the mailbox and then look at the properties, I suspect you'd see the updated information. It should update from the AD to the store upon logon.-aseigler