Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

exchange 2016 mailbox permissions issue

Posted on 2016-09-28
2
Medium Priority
?
53 Views
Last Modified: 2016-10-18
Hello,

First, let me say I am not an Exchange Expert. I never really used Exchange from the admin point of view until I started working here almost five years ago.
Our company produces products that work with exchange. Currently we use MAPI to communicate with the Exchange servers. In order to do this, we apply the following commands on the exchange server to give the service account permission to read the mailboxes as our products run as a service.

Add-ExchangeAdministrator -Role ViewOnlyAdmin -Identity domain\
"Service Account"

Get-MailboxDatabase | Add-ADPermission -AcccessRights GenericRead
-User "Service Account"

Get-MailboxDatabase | Add-ADPermission -AccessRights ExtendedRight
-User "Service Account"



This all worked fine in Exchange 2010, and in a mixed 2010/2013 environment. Now that 2016 has come out, we have created a mixed 2013/2016 environment, all running on Server 2012 R2. These three commands no longer give the service account read access.

The commands execute without error, however we are getting MAPI errors..”Failed to open the users mailbox”.  We get our MAPI component from installing Outlook, in this case Outlook 2013.

After using the commands, I have restarted the Information Store, heck I have even rebooted the Exchange server.

I have been able to get the service account to traverse the mailboxes by applying full access, and by applying read access to the “root” folder of the users mailbox (add-mailboxfolderpermission).

Has Exchange 2013 and 2016 changed enough to make these steps no longer work?

I considered just using the add-mailboxfolderpermission cmdlet, but some customers don’t like change and some are skittish about granting permissions at all. I imaging some can’t due to HIPPA, Data protection laws, etc. But if that is what is it going to take, then so be it.

Also, it is not practical to add other mailboxes to the Outlook profile, since our products need access to the whole organizations mailboxes.

If you need any commands issued for more information, please sends the commands as well. Like I said, I’m not an expert, but for as much as I have been working on it, I sure have learned plenty. I have pretty much been upside down, head first in exchange and have come up with nothing.

Any help is greatly appreciated, as I am at my wits end with this.



S
0
Comment
Question by:Steve hu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 37

Accepted Solution

by:
Jian An Lim earned 2000 total points (awarded by participants)
ID: 41821421
MAPI/CDO no longer available on Exchange 2016
https://technet.microsoft.com/en-us/library/jj619283(v=exchg.160).aspx

so if your product are rely on MAPI/CDO (usually) then it will just no longer work.
EWS/REST api is the way forward.

Also, WEBDAV no longer exist after Exchange 2010.

Again, I don't know your product well enough to determine which protocol you are using
0
 
LVL 37

Expert Comment

by:Jian An Lim
ID: 41847966
provided input to it's issue.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question