Arun Kumar V
asked on
Unable to access a mailbox with Full Access and inherited permissions
Unable to access\connect to a user mailbox even when having full-access rights and also inherited accounts that have Full Access
Exchange Server 2016
When accessing with any of the 'Domain Admin' accounts message read 'You don't have permission to open this mailbox', have already removed and re-added the permissions but still receiving same deny.
Exchange Server 2016
When accessing with any of the 'Domain Admin' accounts message read 'You don't have permission to open this mailbox', have already removed and re-added the permissions but still receiving same deny.
Does the Domain admin account have a mailbox?
ASKER
There are 4 accounts part of 'Domain Admins' and all four have mailboxes
Open Exchange Management shell and run the following to verify if your user has rights
Get-MailboxPermission "sharedmailboxemailaddress" | Select User,AccessRights
Get-MailboxPermission "sharedmailboxemailaddress" | Select User,AccessRights
Arun get the mailbox database servername that holds the mailbox and run the below command to add the domain admins
get-mailboxdatabase -server "<servername>" | add-adpermission -user "Domain Admins" -AccessRights GenericAll
get-mailboxdatabase -server "<servername>" | add-adpermission -user "Domain Admins" -AccessRights GenericAll
Arun get the mailbox database servername that holds the mailbox and run the below command to add the domain admins
get-mailboxdatabase -server "<servername>" | add-adpermission -user "Domain Admins" -AccessRights GenericAll
get-mailboxdatabase -server "<servername>" | add-adpermission -user "Domain Admins" -AccessRights GenericAll
ASKER
Executed and received WARNING: The appropriate access control entry is already present on the object.
1. I want you to open up webmail with the domain account
2. At the top right click your initials and then "open another mailbox"
3. Enter the email address of the mailbox and see if it opens up
2. At the top right click your initials and then "open another mailbox"
3. Enter the email address of the mailbox and see if it opens up
ASKER
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
When executed: Remove-MailboxPermission "emailaddressofthemailbox" -User "Domain Admins" -Deny -InheritanceType ‘All’ -AccessRights ‘FullAccess’ (used actual email address)
the result I am seeing is: "WARNING: An inherited access control entry has been specified: [Rights: CreateChild, ControlType: Deny] and was ignored on object "
the result I am seeing is: "WARNING: An inherited access control entry has been specified: [Rights: CreateChild, ControlType: Deny] and was ignored on object "
look in ADSIEdit in the Configuration section for Exchange and check where your rights are applied at. See Configuration, Services, Microsoft Exchange, <org name> and look at the Security permissions at that level.
two properties you can remove deny rights is Send-As and Receive-As , this will give you full Mailbox permissons and Send As permission on the mailbox.
two properties you can remove deny rights is Send-As and Receive-As , this will give you full Mailbox permissons and Send As permission on the mailbox.
Reference link to get in to adsiedit
https://documentation.commvault.com/commvault/v11_sp14/article?p=28840.htm
https://documentation.commvault.com/commvault/v11_sp14/article?p=28840.htm
ASKER
I am able to access the mailbox, thank you FOX for the consistent help that resolved the issue