Change permissions on multiple Exchange Mailboxes


How can you do this either with the shell or GUI? I want to change permissions on all mailboxes, but the Add-MailboxPermission cmdlet won't let me use * for the mailbox name... I have to type out each one. :(

This is Exchange 2010 btw.
LVL 12
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris DentPowerShell DeveloperCommented:

Add-MailboxPermission won't, but Get-Mailbox will :)


Get-Mailbox | Add-MailboxPermission ....


Get-Mailbox | ForEach-Object { Add-MailboxPermission $_.DistinguishedName ... }

One of those should play quite nicely without silly typing requirements :)


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PugglewuggleAuthor Commented:
Do you have any Ms docs where I can get info on those commands? Particularly the dist name syntax?
Chris DentPowerShell DeveloperCommented:

It's all built in:

Get-Help Get-Mailbox
Get-Help ForEach-Object -Full | more
Get-Help Add-MailboxPermission

That doesn't necessarily help you fit it together, to get that far you have to know a little PowerShell, and a little about Active Directory.

First we need $_: $_ is the current object in the pipeline. That is, when you have a list of people from Get-Mailbox and you start a loop (as we've done above) then $_ is the current entry. The snippet will loop through each of the results, one at a time, running Add-MailboxPermission for each of them.

In the context of the snippet above we're taking a property from Get-Mailbox, DistinguishedName, and passing it onto Add-MailboxPermission. DistinguishedName is useful because it is one of a number of unique identifiers for objects in Active Directory (others include both versions of the username, the account GUID, or Globally Unique Identifier, and SID, or Security Identifier).

Check out the result of this to see how I knew Distinguished Name was there to pick on:

Get-Mailbox "You" | Format-List *

PowerShell (the language the Exchange Command Shell uses) is an advanced .NET based scripting language. It's rather complex, if you wish to learn about that you might look at these:

Mastering PowerShell (Dr. Tobias Weltner, free ebook):
PowerShell Cookbook (Lee Holmes, 2nd Edition):
PowerShell in Action (Bruce Payette):

General Resources:

PowerShell survival guide:

User Groups:

Virtual PowerShell Group (IRC based discussion channel):

Well worthwhile in my opinion, but I do hog the questions on that particular subject :)

CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

If you are going to admin Exchange 2007/2010, you are going to have to get very familiar with the Exchange Command Shell because 90% of what you will be doing is all done via command line.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.