• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 778
  • Last Modified:

Default Full mailbox permission for new Exchange 2007 mailboxes

I'd like to give a particular group, for example, "EXCHAdmins", full mailbox access to all new mailboxes created on our Exchange 2007 SP1 server.  I know this has to be possible because we already have some groups that show up automatically under full mailbox permissions but this was done before I started and no one seems to remember how that was done.  I can currently add the full mailbox permission via Exchange Management Console or Exchange shell once the mailbox is created, but I'd like to be able to have this happen automatically.  One possible suggestion I got was to grant ReceiveAs permissions on the mailbox databases, but this does not seem to work.  Thanks for the help.
1 Solution
Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
Get-MailboxDatabase | Add-ADPermission -User "domain admins" -ExtendedRights Receive-As -InheritanceType All
Get-MailboxDatabase | Add-ADPermission -User "domain admins" -ExtendedRights Send-As -InheritanceType All

Change the "domain admins" user with the group or user you want to have full access.

MS has separated things out so much with 2K7, I don't believe this is possible to do automatically JManter. I have to do this manually, even though I'm an Enterprise Admin and full Exchange Admin. In Legacy versions, adding a user to the Exchg Admin group was enough, but in 2K7 I have found that I have to run the Shell command to be able to manage other user mailboxes. You can wait for someone else to post to see if I'm not entirely correct, but I actually posted a question on here last year on how to set this up since it was 'automatic' in legacy versions, and the answer I got (after he provided the Shell command) was that this will have to be a manual process.
(see my EE post from Jun 08: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_23441912.html)

How to Allow Mailbox Access

We would need to do this manually.
However to grant full access to all the mailboxes in a single shot, run the following command:
Get-Mailbox | AddMailboxPermission -User 'domain\EXCHAdmins' -AccessRights 'FullAccess'
JManter_IAAuthor Commented:
Those were the commands I was running, except was missing the InheritanceType.  Works now, thanks.  Still having a problem accessing the mailboxes via webmail, but that will be a new question for another day.

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now