Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1082
  • Last Modified:

Copy exchnage database permissions with ADSIEdit

After creating a new mailstore in exchange 2010 I would normally use ADSI Edit to add the permissions for the BES and the backup software account manually.

Is there  a way to copy the permissions from the existing mailstore to the new one with out having to manually open it in adsi-edit?
0
BMI-IT
Asked:
BMI-IT
  • 2
  • 2
1 Solution
 
tigermattCommented:
>> Is there  a way to copy the permissions from the existing mailstore to the new one with out having to manually open it in adsi-edit?

No way to "copy" permissions like you describe, but an alternative would be to set the necessary permissions "higher" in the tree - at the organization level - so the BES and backup software can always access any mail store you create.

I also would not recommend you use ADSIEdit for this procedure. Everything can be achieved using the Exchange Management Shell, and that environment is MUCH safer for this purpose.

I would also, as a best practice, use a security group, grant the permissions to the group and then put the BES and backup service user accounts into that group.

I don't know what permissions you want these application service users to have, but here's how to grant them full control at both levels:

At the Mailbox Database level:
Get-MailboxDatabase "DB NAME" | Add-ADPermission -User DOMAIN\MyUserOrGroupName -AccessRights FullControl

Open in new window

At the Organization level:
Get-OrganizationConfig | Add-ADPermission -User DOMAIN\MyUserOrGroupName -AccessRights FullControl

Open in new window

Those examples show how to grant full control - DO NOT give full control if your applications don't need it. If you set the permissions at the organization level, that IS very high in the AD structure, so be sure to document that modification too.

-Matt
0
 
BMI-ITAuthor Commented:
Ahh I see,  for the Besadmin account I need to add Send As, Receive As, and Administer Information Store for the new mailstore I created
0
 
tigermattCommented:

If you want to grant that at the mailbox store level, the following command will do the trick:

Get-MailboxDatabase "DB NAME" | Add-ADPermission -user DOMAIN\BESAdmin -ExtendedRight Send-As,Receive-As,ms-Exch-Store-Admin

Open in new window


-Matt
0
 
BMI-ITAuthor Commented:
That did the trick  thank you :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now