?
Solved

exchange 2016 mailbox permissions issue

Posted on 2016-09-28
2
Medium Priority
?
38 Views
Last Modified: 2016-10-18
Hello,

First, let me say I am not an Exchange Expert. I never really used Exchange from the admin point of view until I started working here almost five years ago.
Our company produces products that work with exchange. Currently we use MAPI to communicate with the Exchange servers. In order to do this, we apply the following commands on the exchange server to give the service account permission to read the mailboxes as our products run as a service.

Add-ExchangeAdministrator -Role ViewOnlyAdmin -Identity domain\
"Service Account"

Get-MailboxDatabase | Add-ADPermission -AcccessRights GenericRead
-User "Service Account"

Get-MailboxDatabase | Add-ADPermission -AccessRights ExtendedRight
-User "Service Account"



This all worked fine in Exchange 2010, and in a mixed 2010/2013 environment. Now that 2016 has come out, we have created a mixed 2013/2016 environment, all running on Server 2012 R2. These three commands no longer give the service account read access.

The commands execute without error, however we are getting MAPI errors..”Failed to open the users mailbox”.  We get our MAPI component from installing Outlook, in this case Outlook 2013.

After using the commands, I have restarted the Information Store, heck I have even rebooted the Exchange server.

I have been able to get the service account to traverse the mailboxes by applying full access, and by applying read access to the “root” folder of the users mailbox (add-mailboxfolderpermission).

Has Exchange 2013 and 2016 changed enough to make these steps no longer work?

I considered just using the add-mailboxfolderpermission cmdlet, but some customers don’t like change and some are skittish about granting permissions at all. I imaging some can’t due to HIPPA, Data protection laws, etc. But if that is what is it going to take, then so be it.

Also, it is not practical to add other mailboxes to the Outlook profile, since our products need access to the whole organizations mailboxes.

If you need any commands issued for more information, please sends the commands as well. Like I said, I’m not an expert, but for as much as I have been working on it, I sure have learned plenty. I have pretty much been upside down, head first in exchange and have come up with nothing.

Any help is greatly appreciated, as I am at my wits end with this.



S
0
Comment
Question by:Steve hu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 37

Accepted Solution

by:
Jian An Lim earned 2000 total points (awarded by participants)
ID: 41821421
MAPI/CDO no longer available on Exchange 2016
https://technet.microsoft.com/en-us/library/jj619283(v=exchg.160).aspx

so if your product are rely on MAPI/CDO (usually) then it will just no longer work.
EWS/REST api is the way forward.

Also, WEBDAV no longer exist after Exchange 2010.

Again, I don't know your product well enough to determine which protocol you are using
0
 
LVL 37

Expert Comment

by:Jian An Lim
ID: 41847966
provided input to it's issue.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You need to know the location of the Office templates folder, so that when you create new templates, they are saved to that location, and thus are available for selection when creating new documents.  The steps to find the Templates folder path are …
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses
Course of the Month11 days, 2 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question