Solved

exchange 2016 mailbox permissions issue

Posted on 2016-09-28
2
34 Views
Last Modified: 2016-10-18
Hello,

First, let me say I am not an Exchange Expert. I never really used Exchange from the admin point of view until I started working here almost five years ago.
Our company produces products that work with exchange. Currently we use MAPI to communicate with the Exchange servers. In order to do this, we apply the following commands on the exchange server to give the service account permission to read the mailboxes as our products run as a service.

Add-ExchangeAdministrator -Role ViewOnlyAdmin -Identity domain\
"Service Account"

Get-MailboxDatabase | Add-ADPermission -AcccessRights GenericRead
-User "Service Account"

Get-MailboxDatabase | Add-ADPermission -AccessRights ExtendedRight
-User "Service Account"



This all worked fine in Exchange 2010, and in a mixed 2010/2013 environment. Now that 2016 has come out, we have created a mixed 2013/2016 environment, all running on Server 2012 R2. These three commands no longer give the service account read access.

The commands execute without error, however we are getting MAPI errors..”Failed to open the users mailbox”.  We get our MAPI component from installing Outlook, in this case Outlook 2013.

After using the commands, I have restarted the Information Store, heck I have even rebooted the Exchange server.

I have been able to get the service account to traverse the mailboxes by applying full access, and by applying read access to the “root” folder of the users mailbox (add-mailboxfolderpermission).

Has Exchange 2013 and 2016 changed enough to make these steps no longer work?

I considered just using the add-mailboxfolderpermission cmdlet, but some customers don’t like change and some are skittish about granting permissions at all. I imaging some can’t due to HIPPA, Data protection laws, etc. But if that is what is it going to take, then so be it.

Also, it is not practical to add other mailboxes to the Outlook profile, since our products need access to the whole organizations mailboxes.

If you need any commands issued for more information, please sends the commands as well. Like I said, I’m not an expert, but for as much as I have been working on it, I sure have learned plenty. I have pretty much been upside down, head first in exchange and have come up with nothing.

Any help is greatly appreciated, as I am at my wits end with this.



S
0
Comment
Question by:Steve hu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 37

Accepted Solution

by:
Jian An Lim earned 500 total points (awarded by participants)
ID: 41821421
MAPI/CDO no longer available on Exchange 2016
https://technet.microsoft.com/en-us/library/jj619283(v=exchg.160).aspx

so if your product are rely on MAPI/CDO (usually) then it will just no longer work.
EWS/REST api is the way forward.

Also, WEBDAV no longer exist after Exchange 2010.

Again, I don't know your product well enough to determine which protocol you are using
0
 
LVL 37

Expert Comment

by:Jian An Lim
ID: 41847966
provided input to it's issue.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Large Outlook files lead to various unwanted errors and corruption issues. Furthermore, large outlook files can also make Outlook take longer to start-up, search, navigate, and shut-down. So, In this article, i will discuss a method to make your Out…
You need to know the location of the Office templates folder, so that when you create new templates, they are saved to that location, and thus are available for selection when creating new documents.  The steps to find the Templates folder path are …
This video discusses moving either the default database or any database to a new volume.
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question