?
Solved

check to see if domain admins have receive as permission

Posted on 2012-04-10
5
Medium Priority
?
484 Views
Last Modified: 2012-05-12
Hi all,

I am trying to find out if domain admins have the receive-as permission by running the following command:
get-mailboxdatabase |get-adpermission -user "domain admins"

I get the following error:
There are multiple users/groups matching the identity domain admins".  plase specify a unique value.

Am I doing something incorrectly?

I have an Exchange 2007 SP3
0
Comment
Question by:annayeg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37830036
Your trying to get the ad permissions on a group, you can NOT do that. Only one user at a time as it explains.

You can use something like....

Get-Mailbox -Server “ESS-Exch702¿ - database "DBName" | Get-ADPermission | where { ($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } | ft -wrap
0
 
LVL 1

Author Comment

by:annayeg
ID: 37830266
When I run the get-adpermission on a user, my domain admins have genericALL rights on all the users.  Is it in adpermission that you allow or deny mailboxpermissions?

Sorry, I am all over the map.   Basically, I am trying to find out what kind of permissions do domain admins have so I can remove the full mailbox permsisions.   So far, I am seeing Accessrights GenericAll.  If I remove the Accessright GenericAll would that remove their permissions from accessing all the mailboxes?

Thanks
0
 
LVL 1

Author Comment

by:annayeg
ID: 37856968
i am trying to test it with one mailbox but I still get the "there are multiple users/groups matching the identity "domain admins.  Please specify a unique value"


get-mailbox -identity  latrain |remove-adpermission  -user "domain admins" -accessrights genericall

Any suggestion how I can accomplish this?
Thanks
0
 
LVL 1

Accepted Solution

by:
annayeg earned 0 total points
ID: 37939548
get-mailbox - database "servername\databasename" |add-mailboxpermission -user "distinguished name of the domain admins" -denyu -accessrights -fullaccess

This did the trick.
0
 
LVL 1

Author Closing Comment

by:annayeg
ID: 37960029
This solved my problem.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
This video discusses moving either the default database or any database to a new volume.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question