Default Full mailbox permission for new Exchange 2007 mailboxes

Posted on 2009-04-29
Last Modified: 2012-05-06
I'd like to give a particular group, for example, "EXCHAdmins", full mailbox access to all new mailboxes created on our Exchange 2007 SP1 server.  I know this has to be possible because we already have some groups that show up automatically under full mailbox permissions but this was done before I started and no one seems to remember how that was done.  I can currently add the full mailbox permission via Exchange Management Console or Exchange shell once the mailbox is created, but I'd like to be able to have this happen automatically.  One possible suggestion I got was to grant ReceiveAs permissions on the mailbox databases, but this does not seem to work.  Thanks for the help.
Question by:JManter_IA
    LVL 24

    Accepted Solution

    Get-MailboxDatabase | Add-ADPermission -User "domain admins" -ExtendedRights Receive-As -InheritanceType All
    Get-MailboxDatabase | Add-ADPermission -User "domain admins" -ExtendedRights Send-As -InheritanceType All

    Change the "domain admins" user with the group or user you want to have full access.

    LVL 40

    Expert Comment

    MS has separated things out so much with 2K7, I don't believe this is possible to do automatically JManter. I have to do this manually, even though I'm an Enterprise Admin and full Exchange Admin. In Legacy versions, adding a user to the Exchg Admin group was enough, but in 2K7 I have found that I have to run the Shell command to be able to manage other user mailboxes. You can wait for someone else to post to see if I'm not entirely correct, but I actually posted a question on here last year on how to set this up since it was 'automatic' in legacy versions, and the answer I got (after he provided the Shell command) was that this will have to be a manual process.
    (see my EE post from Jun 08:

    LVL 6

    Expert Comment

    How to Allow Mailbox Access

    We would need to do this manually.
    However to grant full access to all the mailboxes in a single shot, run the following command:
    Get-Mailbox | AddMailboxPermission -User 'domain\EXCHAdmins' -AccessRights 'FullAccess'

    Author Closing Comment

    Those were the commands I was running, except was missing the InheritanceType.  Works now, thanks.  Still having a problem accessing the mailboxes via webmail, but that will be a new question for another day.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Join & Write a Comment

    Suggested Solutions

    Get an idea of what you should include in an email disclaimer with these Top 5 email disclaimer tips.
    Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
    Familiarize people with the process of utilizing SQL Server stored procedures from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Micr…
    To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now