exchange 2016 mailbox permissions issue
Posted on 2016-09-28
First, let me say I am not an Exchange Expert. I never really used Exchange from the admin point of view until I started working here almost five years ago.
Our company produces products that work with exchange. Currently we use MAPI to communicate with the Exchange servers. In order to do this, we apply the following commands on the exchange server to give the service account permission to read the mailboxes as our products run as a service.
Add-ExchangeAdministrator -Role ViewOnlyAdmin -Identity domain\
Get-MailboxDatabase | Add-ADPermission -AcccessRights GenericRead
-User "Service Account"
Get-MailboxDatabase | Add-ADPermission -AccessRights ExtendedRight
-User "Service Account"
This all worked fine in Exchange 2010, and in a mixed 2010/2013 environment. Now that 2016 has come out, we have created a mixed 2013/2016 environment, all running on Server 2012 R2. These three commands no longer give the service account read access.
The commands execute without error, however we are getting MAPI errors..”Failed to open the users mailbox”. We get our MAPI component from installing Outlook, in this case Outlook 2013.
After using the commands, I have restarted the Information Store, heck I have even rebooted the Exchange server.
I have been able to get the service account to traverse the mailboxes by applying full access, and by applying read access to the “root” folder of the users mailbox (add-mailboxfolderpermission).
Has Exchange 2013 and 2016 changed enough to make these steps no longer work?
I considered just using the add-mailboxfolderpermission cmdlet, but some customers don’t like change and some are skittish about granting permissions at all. I imaging some can’t due to HIPPA, Data protection laws, etc. But if that is what is it going to take, then so be it.
Also, it is not practical to add other mailboxes to the Outlook profile, since our products need access to the whole organizations mailboxes.
If you need any commands issued for more information, please sends the commands as well. Like I said, I’m not an expert, but for as much as I have been working on it, I sure have learned plenty. I have pretty much been upside down, head first in exchange and have come up with nothing.
Any help is greatly appreciated, as I am at my wits end with this.