Solved

check to see if domain admins have receive as permission

Posted on 2012-04-10
5
473 Views
Last Modified: 2012-05-12
Hi all,

I am trying to find out if domain admins have the receive-as permission by running the following command:
get-mailboxdatabase |get-adpermission -user "domain admins"

I get the following error:
There are multiple users/groups matching the identity domain admins".  plase specify a unique value.

Am I doing something incorrectly?

I have an Exchange 2007 SP3
0
Comment
Question by:annayeg
  • 4
5 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37830036
Your trying to get the ad permissions on a group, you can NOT do that. Only one user at a time as it explains.

You can use something like....

Get-Mailbox -Server “ESS-Exch702¿ - database "DBName" | Get-ADPermission | where { ($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } | ft -wrap
0
 
LVL 1

Author Comment

by:annayeg
ID: 37830266
When I run the get-adpermission on a user, my domain admins have genericALL rights on all the users.  Is it in adpermission that you allow or deny mailboxpermissions?

Sorry, I am all over the map.   Basically, I am trying to find out what kind of permissions do domain admins have so I can remove the full mailbox permsisions.   So far, I am seeing Accessrights GenericAll.  If I remove the Accessright GenericAll would that remove their permissions from accessing all the mailboxes?

Thanks
0
 
LVL 1

Author Comment

by:annayeg
ID: 37856968
i am trying to test it with one mailbox but I still get the "there are multiple users/groups matching the identity "domain admins.  Please specify a unique value"


get-mailbox -identity  latrain |remove-adpermission  -user "domain admins" -accessrights genericall

Any suggestion how I can accomplish this?
Thanks
0
 
LVL 1

Accepted Solution

by:
annayeg earned 0 total points
ID: 37939548
get-mailbox - database "servername\databasename" |add-mailboxpermission -user "distinguished name of the domain admins" -denyu -accessrights -fullaccess

This did the trick.
0
 
LVL 1

Author Closing Comment

by:annayeg
ID: 37960029
This solved my problem.
0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Join & Write a Comment

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
how to add IIS SMTP to handle application/Scanner relays into office 365.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now