Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
admin rights for all mailboxes in 2007
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
 Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM
|
|
TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!
|
RE: admin rights for all mailboxes in 2007 - 12.Jun.2007 2:55:35 PM
|
|
|
John Weber
Posts: 618
Joined: 20.Apr.2005
From: Portland, Oregon
Status: offline
|
You can try this:
Make a user be able to receive-as for all databases. This may be useful for BESAdmin, GoodLink, Exmerge-type operations, or Quest migrations:
[PS] get-mailboxdatabase | add-adpermission -user exchsuper
-extendedrights receive-as
Send-as (as per above):
[PS] get-mailboxdatabase | add-adpermission -user exchsuper
-extendedrights send-as
To remove perms set in both steps above, replace add-adpermission with remove-adpermission
When you grant a user full access permissions to a mailbox, that user has full access to only the mailbox for which the permissions are applied. With full access permissions, the user can open and read the contents of the mailbox. However, the user cannot send as that mailbox without additional permissions.
Add-MailboxPermission "Mailbox" -User "Trusted User" -AccessRights FullAccess
If you have the user objects arranged in OU's, you can do the following:
get-mailbox -organizationalunit "fillintheblank" | add-mailboxpermission ...
I have not tried doing the add-adpermission "fullaccess" routine. But I imagine that it would be worth a shot.
-John
quote:
ORIGINAL: gmon72
Hi All,
I have the need to have access to all mailboxes. I get called by HR all the time to look into someones mailbox for a variety of reason. This was easy in 5.5 and 2003. I am going crazy trying this in 2007.
I have seen this page
http://technet.microsoft.com/en-us/library/bb310792.aspx
which doesnt help on the mailbox store level. I can add myself to individual mailboxes, but with 100s of mailboxes its not managle.
If I try the extendedrights: send as i dont seem to have full mailbox access.
I found this post on usenet with the name problem but am wary to start messing with ADSI edit as I am sure down the road problems will be caused.
http://groups.google.com/group/microsoft.public.exchange.admin/browse_thread/thread/1ffccd0c367663d1/b1bb331e6cf6f7f6?lnk=st&q=exchange+2007+admin++rights&rnum=1&hl=en#b1bb331e6cf6f7f6
anyone have an ideas?
Thanks!
|
|
|
|
|
RE: admin rights for all mailboxes in 2007 - 12.Jun.2007 2:57:27 PM
|
|
|
John Weber
Posts: 618
Joined: 20.Apr.2005
From: Portland, Oregon
Status: offline
|
I also have this in my notes...
Do you have an email account in e2k7 that needs to grant full access to for a group of other people? Do they need to also be able to send-as that account?
1. Create the account.
2. Create a security group.
3. Populate the security group with the lucky individuals.
4. Run the following from the PS: add-mailboxpermission.
5. Step through the command. The zippy screen shot illustrates this. You can also give it the command on one long string if you can ever figure out the syntax.
a. The first identity is the account that is granting the rights.
b. The second identity is the account (in this case an SG) that needs to access/send-as.
6. You could modify this to just fullaccess or just sendas. Also receiveas.
7. Remove-mailboxpermission is the reverse of this process.
-john
|
|
|
|
|
RE: admin rights for all mailboxes in 2007 - 12.Jun.2007 3:33:38 PM
|
|
|
gmon72
Posts: 3
Joined: 12.Jun.2007
Status: offline
|
Wow. Thanks for the fast response. I tried the OU way and it seems to work for all current users.
Do you know of a way to have it so that all new users get the correct permissions?
The receive-as send-as mailbox store level doesnt seem to do the trick as full rights. I cant seem to access mailboxes via OWA with just send as and receive as.
|
|
|
|
|
RE: admin rights for all mailboxes in 2007 - 13.Jun.2007 12:11:15 PM
|
|
|
John Weber
Posts: 618
Joined: 20.Apr.2005
From: Portland, Oregon
Status: offline
|
If the per OU process worked, the only way I can see is to work that command into your user creation process...
or, make up a script and run it as a scheduled task.
-john
quote:
ORIGINAL: gmon72
Wow. Thanks for the fast response. I tried the OU way and it seems to work for all current users.
Do you know of a way to have it so that all new users get the correct permissions?
The receive-as send-as mailbox store level doesnt seem to do the trick as full rights. I cant seem to access mailboxes via OWA with just send as and receive as.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
