The definitive Add-ADPermission command for administrator rights
(Note: this discussion is NOT about the MailboxPermission command nor OWA. I am aware of those issues.)

We had assigned the ADPermission rights to individual admin user names using:

Get-MailboxDatabase -server "exchange server name" | Add-ADPermission -user "the admins name" -ExtendedRights Receive-As, etc.

But this has two things I'd like to improve.

1. I want to assign a group, not individual admins' names.
2. I want the permissions higher up. Using 'mailboxdatabase' will set the permissions on all the existing databases in the storage groups. You can see this in ADSI Edit. So if you create a new storage group or new database the permissions don't get inherited. Instead, I want the permissions set on the mail server name (in this case the server name would be the cluster name of the Exchange services in Microsoft Cluster Administrator).

Of course I could just try doing this in ADSI Edit, but that should not be the proper way of setting rights. So my question is... would the following command work?

Add-ADPermission -Identity "xmailcluster" -Group "ExchangeAdmins" -ExtendedRights Receive-As, etc.

where "xmailcluster" is the name of the Exchange server
where "ExchangeAdmins" is the name of a universal security group in Active Directory

I'm hoping that -Group can be used, and that the security permissions in ADSI Edit actually show up on the server name object.
September 24th, 2009 8:35pm

OK, I can solve the permission level in ADSI Edit by changing the first part of the command to this:

Get-MailboxServer "xmailcluster" | Add-ADPermission - .................

That will set security on the server object above the info store/storage groups.

But can someone solve the group idea instead of using -User "username"?
September 24th, 2009 8:50pm
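
An added example, not part of the original thread: the -User parameter of Add-ADPermission accepts any security principal, so a group can be passed to it, and Get-ADPermission can then confirm where the right landed and whether the databases inherit it. It assumes the Exchange Management Shell and reuses the names from the posts ("xmailcluster", "ExchangeAdmins").

```powershell
# Added example: run in the Exchange Management Shell.
# Names are the ones used in the thread; adjust to your environment.
$server = "xmailcluster"     # clustered mailbox server name
$group  = "ExchangeAdmins"   # universal security group

# Grant Receive-As on the server object. A group is passed through -User
# exactly as a user name would be.
Get-MailboxServer $server |
    Add-ADPermission -User $group -ExtendedRights Receive-As

# Filter: ACL entries that give the group Receive-As.
$groupReceiveAs = {
    $_.User -like "*$group" -and $_.ExtendedRights -like "*Receive-As*"
}

# 1. The entry on the server object itself. IsInherited should be False,
#    because this is where the grant was made.
Get-MailboxServer $server | Get-ADPermission |
    Where-Object $groupReceiveAs |
    Format-Table Identity, User, ExtendedRights, IsInherited, Deny -AutoSize

# 2. Every database under the server. Each one should list the same right
#    with IsInherited = True. A database with no row here is not inheriting
#    from the server object and needs a look in its ACL.
Get-MailboxDatabase -Server $server | Get-ADPermission |
    Where-Object $groupReceiveAs |
    Format-Table Identity, User, ExtendedRights, IsInherited, Deny -AutoSize

# 3. Audit for leftovers: Receive-As entries set directly on a database
#    (not inherited), such as the earlier per-admin grants. These survive
#    the move to a group and should be reviewed and removed if unneeded.
Get-MailboxDatabase -Server $server | Get-ADPermission |
    Where-Object {
        -not $_.IsInherited -and -not $_.Deny -and
        $_.ExtendedRights -like "*Receive-As*"
    } |
    Format-Table Identity, User, ExtendedRights -AutoSize
```

Receive-As on the server object lets every member of the group open any mailbox in its databases, so membership changes to that group are worth monitoring alongside the ACL itself.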

This topic is archived. No further replies will be accepted.
