Troy-Matt
Require 'super user' access to user mailboxes in Exchange 2013
We have a software solution that requires access to users' mailboxes via a service account. This service leverages IMAP4 to change read status, delete, and add messages to users' mailboxes.
In earlier iterations of Exchange (2003, Exchange 5), we were able to simply add 'full control' to the mailbox store through the Exchange console GUI.
In Exchange 2007 and 2010 we had to add the permissions via PowerShell commandlets. These were: (to enable IMAP on all users)
Get-Mailbox | Set-CASMailbox -ImapEnabled:$true
and then (to add access for the super user)
Get-Mailbox | Add-ADPermission -User '%superuser%' -ExtendedRights 'Send-as' -InheritanceType All
and finally
Get-Mailbox | Add-MailboxPermission -User '%superuser%' -AccessRights 'FullAccess' -InheritanceType All
I have tried several commandlets that Technet offers up to do this, but they didn't work. Any help would be great. I have applied Security rollup update 1 to the server and it appears that I lost the management console (maybe it was never there), so I have no GUI available. We have been on Google Apps for the last 2 years, and I retired my Exchange 2003 server, so I am pretty rusty on Exchange (especially moving into 2010 and 2013).
Thanks in advance,
Troy
ASKER
Thank you both for your suggestions, but neither worked. I see all the proper rights (now using ECP), but it still won't allow access via IMAP.
I verify basic connections via telnet port 143 (I have it set to allow non-SSL connections, and pwd is being sent as plain text). We used to use (after connecting via telnet port 143):
domain.com\superuser\mailbox superuser_password. It fails; however, I can log in with domain.com\mailbox mailbox_password.
When I use the web interface and log in with user1, it cannot open other users' mailboxes, but if I log in with the superuser, I can open the other users' mailboxes.
Is there any chance someone can confirm that it's possible with IMAP? Exchange Server 2007 had a bug that was fixed just before SP1 that behaved the same as this.
Best regards,
T
ASKER
On vacation now, but will try when I get in the office on Monday next week.
http://technet.microsoft.com/en-us/library/jj150562(v=exchg.150).aspx
As for the permissions, the example above for the FullAccess is correct; it shouldn't give you any error. Alternatively, you can give permissions from the EAC: navigate to mailboxes, double-click on the mailbox in question, go to mailbox delegation and adjust the permissions.
It might be easier if you simply add Receive as permissions to the database instead:
http://technet.microsoft.com/en-us/library/jj898489(v=exchg.150).aspx
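A way to check what the service account actually holds after either approach in this thread (per-mailbox FullAccess or database-level Receive-As), together with each mailbox's IMAP setting. This is an added example, not part of the original thread; it assumes the Exchange Management Shell, and 'DOMAIN\superuser' is a placeholder for the service account.

```powershell
# Added example: run in the Exchange Management Shell.
# 'DOMAIN\superuser' is a placeholder for the service account (assumption).
$svc = 'DOMAIN\superuser'

# 1. Database level: does the account hold Receive-As on each mailbox database,
#    and is there a Deny entry that would override an Allow?
$dbReport = foreach ($db in Get-MailboxDatabase) {
    $ace = Get-ADPermission -Identity $db.DistinguishedName -User $svc |
        Where-Object { $_.ExtendedRights -like 'Receive-As' }
    [pscustomobject]@{
        Database  = $db.Name
        ReceiveAs = [bool]($ace | Where-Object { -not $_.Deny })
        Denied    = [bool]($ace | Where-Object { $_.Deny })
    }
}

# 2. Mailbox level: is IMAP enabled, and does the account hold FullAccess
#    (explicitly on the mailbox, or inherited from a parent object)?
$mbxReport = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    $dn   = $mbx.DistinguishedName
    $perm = Get-MailboxPermission -Identity $dn -User $svc |
        Where-Object { $_.AccessRights -like 'FullAccess' }
    [pscustomobject]@{
        Mailbox     = $mbx.Alias
        Database    = $mbx.Database
        ImapEnabled = (Get-CASMailbox -Identity $dn).ImapEnabled
        FullAccess  = [bool]($perm | Where-Object { -not $_.Deny })
        Inherited   = [bool]($perm | Where-Object { $_.IsInherited })
        Denied      = [bool]($perm | Where-Object { $_.Deny })
    }
}

# Show both views; mailboxes where ImapEnabled or FullAccess is False are the
# ones the service account cannot be expected to open over IMAP.
$dbReport  | Format-Table -AutoSize
$mbxReport | Sort-Object Database, Mailbox | Format-Table -AutoSize
```

The same report doubles as a record of how many mailboxes the account can read, which is worth keeping alongside the account's credentials policy given that the connection described above uses port 143 without SSL.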