Solved

exchange 2016 mailbox permissions issue

Posted on 2016-09-28
2
20 Views
Last Modified: 2016-10-18
Hello,

First, let me say I am not an Exchange Expert. I never really used Exchange from the admin point of view until I started working here almost five years ago.
Our company produces products that work with exchange. Currently we use MAPI to communicate with the Exchange servers. In order to do this, we apply the following commands on the exchange server to give the service account permission to read the mailboxes as our products run as a service.

Add-ExchangeAdministrator -Role ViewOnlyAdmin -Identity domain\
"Service Account"

Get-MailboxDatabase | Add-ADPermission -AcccessRights GenericRead
-User "Service Account"

Get-MailboxDatabase | Add-ADPermission -AccessRights ExtendedRight
-User "Service Account"



This all worked fine in Exchange 2010, and in a mixed 2010/2013 environment. Now that 2016 has come out, we have created a mixed 2013/2016 environment, all running on Server 2012 R2. These three commands no longer give the service account read access.

The commands execute without error, however we are getting MAPI errors..”Failed to open the users mailbox”.  We get our MAPI component from installing Outlook, in this case Outlook 2013.

After using the commands, I have restarted the Information Store, heck I have even rebooted the Exchange server.

I have been able to get the service account to traverse the mailboxes by applying full access, and by applying read access to the “root” folder of the users mailbox (add-mailboxfolderpermission).

Has Exchange 2013 and 2016 changed enough to make these steps no longer work?

I considered just using the add-mailboxfolderpermission cmdlet, but some customers don’t like change and some are skittish about granting permissions at all. I imaging some can’t due to HIPPA, Data protection laws, etc. But if that is what is it going to take, then so be it.

Also, it is not practical to add other mailboxes to the Outlook profile, since our products need access to the whole organizations mailboxes.

If you need any commands issued for more information, please sends the commands as well. Like I said, I’m not an expert, but for as much as I have been working on it, I sure have learned plenty. I have pretty much been upside down, head first in exchange and have come up with nothing.

Any help is greatly appreciated, as I am at my wits end with this.



S
0
Comment
Question by:Steve hu
  • 2
2 Comments
 
LVL 36

Accepted Solution

by:
Jian An Lim earned 500 total points (awarded by participants)
ID: 41821421
MAPI/CDO no longer available on Exchange 2016
https://technet.microsoft.com/en-us/library/jj619283(v=exchg.160).aspx

so if your product are rely on MAPI/CDO (usually) then it will just no longer work.
EWS/REST api is the way forward.

Also, WEBDAV no longer exist after Exchange 2010.

Again, I don't know your product well enough to determine which protocol you are using
0
 
LVL 36

Expert Comment

by:Jian An Lim
ID: 41847966
provided input to it's issue.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
If you don't know how to downgrade, my instructions below should be helpful.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
This video discusses moving either the default database or any database to a new volume.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now