Granting permissions AD group full access exchange 2010

Greetings I am somewhat confused about an issue in Exchange 2010. I am an Admin I would like to be able to run a command on a group in AD and allow this group to have Full Access to all the mailboxes without having to provide full access to the mailbox manually. Problem is we are currently providing full access to the mailbox manually everytime and then removing access on our personal admin accounts, performing the maintenance and then removing ourselves.

I have read a couple of things and somewhat interested in why you would not do this to a group rather than a database specified below. Again, I would like to not have to provide myself full access to the mailbox everytime I need to do some work. If someoene could provide the command I would be appreciative, thanks

Get-MailboxDatabase -identity "SERVERNAME\First Storage Group\Mailbox Database" | Remove-ADPermission -user administrator -ExtendedRights Receive-As, Send-As

Get-MailboxDatabase -identity “[mailbox database name]” | Add-ADPermission -user [username] -AccessRights GenericAll
techdriveAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

piattndCommented:
If you want to issue rights for all mailboxes, I'd do it at the mailbox database level as they've suggested in the get mailbox command.  If you do it at the mailbox database level, any mailbox added to that database (or other databases you add permissions to) will receive the same permission set.

In exchange 2003 you could also issue those permissions higher up in the structure.  Search through your structure to see if there is a location higher in the structure where you can issue those permissions and allow them to flow down via inheritance.
0
stu29Commented:
What are you trying to achieve when you grant full control to the mailboxes?  Have you looked to see if you can achieve the same thing with RBAC Groups?

http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/exchange-2010-role-based-access-control-part1.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
techdriveAuthor Commented:
No this was done with Exchange 2007 also. On every mailbox even the ones created after the command was ran gave the group full access to the mailbox.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.