Solved

exchange 2010 global viewing of calendar and email boxes.

Posted on 2010-08-16
7
456 Views
Last Modified: 2012-05-10
I have recently upgraded my exchange server to 2010 and now after decomissioning my exchange 2003 server I am starting to get huge requests that certain groups can no longer see calendars or inboxes of mailboxes they used to be able to and with using AD 2003 the exchange tabs no longer exist. I can go in through outlook and change the permissions on calendars (as a temp fix) but I really need to find out how to set up:

1.) certain groups to be able to see and adjust certain email boxes and calendars.
2.) certain users need to be able to open all email accounts through a seperate outlook profile using only thier credentials.

I was hoping to use the same thought process I did for the backupexec user that backs up all the email boxes but when trying to use that user through outlook it just fails on authentication.

thanks to any and all pointers and help in advance.
0
Comment
Question by:cisco_idiot
  • 4
  • 3
7 Comments
 
LVL 32

Expert Comment

by:endital1097
ID: 33447631
you need to use the add-mailboxpermission cmdlet or the exchange management console manage full access permissions
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33447638
for accounts that have access to everything you can use
get-mailboxdatabase | add-adpermission -extendedrights receive-as,sendas -user backupexec
0
 

Author Comment

by:cisco_idiot
ID: 33448580
Thank you Endital,

the add-mailbox permissions works perfectly for all the individual ones I need to fix. but the add-adpermission seems to be missing something for me when a privledged user tries to open up outlook with the profile for the other user I get the error "cannot open your default e-mail folders. the attempt to log on to microsoft exchange has failed" I can get around this with either the add-mailbox permissions or full access permissions.

could I use the command:
get-mailbox | add-mailboxpermission -user 'domain\admin group' -accessrights 'fullaccess'
?

I think this would be a quick fix but the next time I add a user I would need to do the same thing for each user.

I was looking for all the variables for extended right but can't seem to find them.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 32

Accepted Solution

by:
endital1097 earned 500 total points
ID: 33448639
as long as you didn't get any errors, you may just need to wait for the information store to refresh which can take up to 2 hours

by setting this ad permission at the database level, any new mailboxes will inherit the permission

correction for above
send-as not sendas
0
 

Author Comment

by:cisco_idiot
ID: 33448786
ok I'll give it a couple of hours. and yeah I caught the send-as my typing is horrible so no worries.

what I got as a response was.

get-mailboxdatabase | add-adpermission -extendedrights Receive-as,send-as -user "email admins"

Identity             User                 Deny  Inherited
--------             ----                 ----  ---------
Mailbox Database ... domain\email Admins     False False
Mailbox Database ... domain\email Admins     False False
Terminated employees domain\email Admins     False False
Terminated employees domain\email Admins     False False

it didn't say it had any errors so I am assuming it is good.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33448797
yes, you should be good
if you run it again you should get a warning that no changes were made
0
 

Author Closing Comment

by:cisco_idiot
ID: 33449069
Perfect and concise
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't know how to downgrade, my instructions below should be helpful.
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now