Exchange 2010 Full Access issue

I am in the process of moving over from my dinosaur Exchange 2003 server to Exchange 2010 and one of the things I cam across is the inability to access users mailboxes as I did on 2003. I see that I can grant Full Access to a mailbox and I will be able to then mount it in Outlook, but when I remove it the Mailbox still remains mounted.  The only way I have been able to remove it is to remove the ACL Full Access from that mailbox.  Is this normal behavior?

Also I need to grant a group Full access to all mailboxes.  How can I accomplish that as well.

LVL 27
yo_beeDirector of Information TechnologyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Seth SimmonsSr. Systems AdministratorCommented:
in 2010, if you give someone full access to a mailbox, it will appear automatically in outlook
remove it and it goes away automatically; different from 2003
yo_beeDirector of Information TechnologyAuthor Commented:
So how to you give users (Exchange Admins) rights to access the mailbox, but remove it when needed?
Will SzymkowskiSenior Solution ArchitectCommented:
Auto-mapping feature is enabled by default. If you want to disable it you can do this on a per mailbox basis. Use the following command...
Add-MailboxPermission -Identity <alias> -User <user1> -AccessRights FullAccess -InheritanceType All -Automapping $false

Open in new window

You can enable full mailbox permissions on the server through active directory
- Open ADUC
- Ensure that View Advanced Features is Enabled
- Find the Exchange Server in ADUC
- Right click, Properties
- Click on the Security Tab
- Advanced Settings
- Change Permissions button
- Click the Add button
- Add the Group or User
- Apply the Full Access (which will apply to all mailboxes on this server)

Any existing mailboxes and new mailboxes created will have the New Group or User with Full Mailbox Permissions applied.

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

yo_beeDirector of Information TechnologyAuthor Commented:
@Will is there a PS command that does the same as what you describe in ADUC?
Will SzymkowskiSenior Solution ArchitectCommented:
Yes you can use the command below.

Get-MailboxDatabase | Add-ADPermission -User <username> -AccessRights GenericAll

Open in new window


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
yo_beeDirector of Information TechnologyAuthor Commented:
Does that need the -Automapping $false or is that the same if you used the GUI?
yo_beeDirector of Information TechnologyAuthor Commented:
Thank you for the help.
yo_beeDirector of Information TechnologyAuthor Commented:
I just had to use the Add-MaiBoxPermission  command to access the account when outside of my profile in Outlook.
Is this normal behavior?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.