Solved

check to see if domain admins have receive as permission

Posted on 2012-04-10
5
480 Views
Last Modified: 2012-05-12
Hi all,

I am trying to find out if domain admins have the receive-as permission by running the following command:
get-mailboxdatabase |get-adpermission -user "domain admins"

I get the following error:
There are multiple users/groups matching the identity domain admins".  plase specify a unique value.

Am I doing something incorrectly?

I have an Exchange 2007 SP3
0
Comment
Question by:annayeg
  • 4
5 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37830036
Your trying to get the ad permissions on a group, you can NOT do that. Only one user at a time as it explains.

You can use something like....

Get-Mailbox -Server “ESS-Exch702¿ - database "DBName" | Get-ADPermission | where { ($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } | ft -wrap
0
 
LVL 1

Author Comment

by:annayeg
ID: 37830266
When I run the get-adpermission on a user, my domain admins have genericALL rights on all the users.  Is it in adpermission that you allow or deny mailboxpermissions?

Sorry, I am all over the map.   Basically, I am trying to find out what kind of permissions do domain admins have so I can remove the full mailbox permsisions.   So far, I am seeing Accessrights GenericAll.  If I remove the Accessright GenericAll would that remove their permissions from accessing all the mailboxes?

Thanks
0
 
LVL 1

Author Comment

by:annayeg
ID: 37856968
i am trying to test it with one mailbox but I still get the "there are multiple users/groups matching the identity "domain admins.  Please specify a unique value"


get-mailbox -identity  latrain |remove-adpermission  -user "domain admins" -accessrights genericall

Any suggestion how I can accomplish this?
Thanks
0
 
LVL 1

Accepted Solution

by:
annayeg earned 0 total points
ID: 37939548
get-mailbox - database "servername\databasename" |add-mailboxpermission -user "distinguished name of the domain admins" -denyu -accessrights -fullaccess

This did the trick.
0
 
LVL 1

Author Closing Comment

by:annayeg
ID: 37960029
This solved my problem.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
This article explains how to install and use the NTBackup utility that comes with Windows Server.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video discusses moving either the default database or any database to a new volume.

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question