Troy-Matt

Require 'super user' access to user mailboxes in Exchange 2013

We have a software solution that requires access to users' mailboxes via a service account.  This service leverages IMAP4 to change read status, delete, and add messages to users' mailboxes.
In earlier iterations of Exchange (2003, Exchange 5), we were able to simply add 'full control' to the mailbox store through the Exchange console GUI.
In Exchange 2007 and 2010 we had to add the permissions via PowerShell cmdlets.  These were (to enable IMAP on all users):
  Get-Mailbox | Set-CASMailbox -ImapEnabled:$true
and then (to add access for the super user):
  Get-Mailbox | Add-ADPermission -User '%superuser%' -ExtendedRights 'Send-as' -InheritanceType All
and finally:
  Get-Mailbox | Add-MailboxPermission -User '%superuser%' -AccessRights 'FullAccess' -InheritanceType All

I have tried several cmdlets that TechNet offers up to do this, but they didn't work.  Any help would be great.  I have applied Security rollup update 1 to the server and it appears that I lost the management console (maybe it was never there), so I have no GUI available.  We have been on Google Apps for the last 2 years, and I retired my Exchange 2003 server, so I am pretty rusty on Exchange (especially moving into 2010 and 2013).

Thanks in advance,

Troy
Vasil Michev (MVP)

In 2013, the management console is replaced by a web interface, the Exchange Admin Center. For more info review this:

http://technet.microsoft.com/en-us/library/jj150562(v=exchg.150).aspx

As for the permissions, the example above for FullAccess is correct; it shouldn't give you any error. Alternatively, you can give permissions from the EAC: navigate to mailboxes, double-click on the mailbox in question, go to mailbox delegation and adjust the permissions.

It might be easier if you simply add Receive as permissions to the database instead:

http://technet.microsoft.com/en-us/library/jj898489(v=exchg.150).aspx
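
The rights discussed in this thread (FullAccess on the mailbox, Send-As on the AD object, Receive-As on the database, IMAP enabled per mailbox) can be checked in one pass from the Exchange Management Shell. This is an added example, not part of the original posts; the account name `CONTOSO\svc-mailaccess` is a placeholder.

```powershell
# Added example: run in the Exchange Management Shell.
# $ServiceAccount is a placeholder; substitute the real service account.
$ServiceAccount = 'CONTOSO\svc-mailaccess'

# Databases where the account holds an explicit-allow Receive-As right.
# A database-level grant applies to every mailbox stored in that database.
$dbGrants = @(Get-MailboxDatabase | ForEach-Object {
    $db = $_
    Get-ADPermission -Identity $db.DistinguishedName -User $ServiceAccount |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like 'Receive-As') } |
        ForEach-Object { [string]$db.Name }
} | Select-Object -Unique)

# Per-mailbox view: protocol state plus each right the account holds.
$report = Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    $mbx = $_
    $full = Get-MailboxPermission -Identity $mbx.Identity -User $ServiceAccount |
        Where-Object { -not $_.Deny -and ($_.AccessRights -like '*FullAccess*') }
    $sendAs = Get-ADPermission -Identity $mbx.DistinguishedName -User $ServiceAccount |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like 'Send-As') }

    [pscustomobject]@{
        Mailbox       = [string]$mbx.PrimarySmtpAddress
        Database      = [string]$mbx.Database
        ImapEnabled   = (Get-CASMailbox -Identity $mbx.Identity).ImapEnabled
        FullAccess    = [bool]$full
        SendAs        = [bool]$sendAs
        ReceiveAsOnDb = $dbGrants -contains [string]$mbx.Database
    }
}

# Mailboxes the account can reach by any route, then those it cannot.
$report | Where-Object { $_.FullAccess -or $_.ReceiveAsOnDb } |
    Sort-Object Database, Mailbox | Format-Table -AutoSize
$report | Where-Object { -not ($_.FullAccess -or $_.ReceiveAsOnDb) } |
    Format-Table Mailbox, Database, ImapEnabled -AutoSize

# IMAP4 service settings. LoginType PlainTextLogin means credentials are
# accepted on the unencrypted binding (port 143); SecureLogin requires TLS.
Get-ImapSettings | Format-List LoginType, UnencryptedOrTLSBindings, SSLBindings
```

The first table doubles as an inventory of every mailbox the service account can read, which is worth reviewing whenever the grant is made at the database level rather than per mailbox.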
SOLUTION
James Hodge
Troy-Matt

ASKER

Thank you both for your suggestions, but neither worked.  I see all the proper rights (now using ECP), but it still won't allow access via IMAP.
I verify basic connections via telnet port 143 (I have it set to allow non-SSL connections, and pwd is being sent as plain text).  We used to use (after connecting via telnet port 143):
domain.com\superuser\mailbox superuser_password.  It fails; however, I can log in with domain.com\mailbox mailbox_password.
I use the web interface and log in with user1; it cannot open other users' mailboxes, but if I log in with the superuser, I can open the other users' mailboxes.
Is there any chance someone can confirm that it's possible with IMAP?  Exchange Server 2007 had a bug that was fixed just before SP1 that behaved the same as this.

Best regards,

T
ASKER CERTIFIED SOLUTION
On Vacation now, but will try when I get in the office on Monday next week.