Granting permissions AD group full access exchange 2010

Posted on 2013-09-18
Medium Priority
Last Modified: 2013-10-02
Greetings I am somewhat confused about an issue in Exchange 2010. I am an Admin I would like to be able to run a command on a group in AD and allow this group to have Full Access to all the mailboxes without having to provide full access to the mailbox manually. Problem is we are currently providing full access to the mailbox manually everytime and then removing access on our personal admin accounts, performing the maintenance and then removing ourselves.

I have read a couple of things and somewhat interested in why you would not do this to a group rather than a database specified below. Again, I would like to not have to provide myself full access to the mailbox everytime I need to do some work. If someoene could provide the command I would be appreciative, thanks

Get-MailboxDatabase -identity "SERVERNAME\First Storage Group\Mailbox Database" | Remove-ADPermission -user administrator -ExtendedRights Receive-As, Send-As

Get-MailboxDatabase -identity “[mailbox database name]” | Add-ADPermission -user [username] -AccessRights GenericAll
Question by:techdrive
LVL 12

Assisted Solution

piattnd earned 500 total points
ID: 39503451
If you want to issue rights for all mailboxes, I'd do it at the mailbox database level as they've suggested in the get mailbox command.  If you do it at the mailbox database level, any mailbox added to that database (or other databases you add permissions to) will receive the same permission set.

In exchange 2003 you could also issue those permissions higher up in the structure.  Search through your structure to see if there is a location higher in the structure where you can issue those permissions and allow them to flow down via inheritance.

Accepted Solution

stu29 earned 500 total points
ID: 39503453
What are you trying to achieve when you grant full control to the mailboxes?  Have you looked to see if you can achieve the same thing with RBAC Groups?


Author Comment

ID: 39541878
No this was done with Exchange 2007 also. On every mailbox even the ones created after the command was ran gave the group full access to the mailbox.

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Let us take a look at the scenario, you have a database that is corrupt and you run the ESEUTIL command only to find you are unable to repair it. How do you now get the data back?
A method of moving multiple mailboxes (in bulk) to another database in an Exchange 2010/2013/2016 environment...
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
To export Lotus Notes to Outlook PST or Exchange and Domino Server files to Exchange Server or PST files with ease, go for Kernel for Lotus Notes to Outlook conversion tool. Through the video, you can watch the conversion process. A common user with…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question