Exchange Full-Access and Send-As mailbox permissions with Powershell

Posted on April 6, 2012 by Chris Roualin

All tasks in Exchange Server 2007 or Exchange Server 2010 can be done in the Exchange Management Shell. So you are also able to give the Send-As permission and the Full-access permission via the Exchange Management Shell.

Send-As permissions

If you want to give the user Pete Peterson the Send-As permission for the John Johnson Mailbox you can use the following command line:

get-user -identity “john.johnson@msexchangeblog.nl” | Add-ADPermission -User “pete.peterson@msexchangeblog.nl” -ExtendedRights Send-As

If you want to give the Active Directory group SendAsGroup the Send-As permission for the John Johnson Mailbox you can use the same command line:

get-user -identity “john.johnson@msexchangeblog.nl” | Add-ADPermission -User “SendAsGroup” -ExtendedRights Send-As

Full-Access permission

To be able to give an user or group the Exchange mailbox Full-Access permission, you need to use two separate command lines. First you need to remove the Deny FullAccess permissions on the account. After the deny permission is removed you need to give the user or group the FullAccess permission on the Exchange Mailbox.

If you want to give the user Pete Peterson the Full-Access permission for the John Johnson Mailbox you can use the following command lines:

get-user -identity “john.johnson@msexchangeblog.nl” |Remove-MailboxPermission -User “pete.peterson@msexchangeblog.nl” -Deny -InheritanceType ‘All’ -AccessRights ‘FullAccess’

get-user -identity “john.johnson@msexchangeblog.nl” | Add-MailboxPermission -User ”pete.peterson@msexchangeblog.nl” -AccessRights ‘FullAccess’

If you want to give the Active Directory group FullAccessGroup the Send-As permission for the John Johnson Mailbox you can use the same command lines:

get-user -identity “john.johnson@msexchangeblog.nl” |Remove-MailboxPermission -User “FullAccessGroup” -Deny -InheritanceType ‘All’ -AccessRights ‘FullAccess’

get-user -identity “john.johnson@msexchangeblog.nl” | Add-MailboxPermission -User ”FullAccessGroup” -AccessRights ‘FullAccess’

(Source : http://www.msexchangeblog.nl/2010/10/22/exchange-full-access-and-send-as-mailbox-permissions-with-powershell/ )

Managing calendar permissions in Exchange Server 2010

Posted on March 21, 2012 by Chris Roualin

In legacy versions of Exchange Server we could use PFDAVAdmin to manage calendar permissions, or alternatively the 3rd party tool SetPerm.
With Exchange Server 2010 calendar permissions can be managed using the *-MailboxFolderPermission cmdlets. While these cmdlets can be used to manage permissions on any mailbox folder, we`ll focus on calendar permissions.

In fact we got 4 *-MailboxFolderPermission cmdlets in Exchange Server 2010:

Since I`ll be focusing on managing default permissions , which is an existing ACL on the calendar folder, we need to use the Set-MailboxFolderPermission cmdlet:

To grant “Reviewer”-permissions for the “Default” user, we would run the following:

Some companies have a policy that everyone must share their calendars with all users. Since it`s now possible to manage calendar permissions using PowerShell, I`ve written a script to accomplish this task; Set-CalendarPermissions.ps1.

While this script could be scheduled to run on a regular basis, a better approach for managing calendar permissions for new mailboxes are the use of the Scripting Agent which is a part of the Cmdlet Extension Agents, a very useful feature introduced in Exchange Server 2010.

(source : http://tinyurl.com/7lg3umf)

Blackberry permissions for Exchange 2007

Posted on March 9, 2012 by Chris Roualin

After installing and configuring the Blackberry Enterprise Server application you will need to run the following Exchange 2007 PowerShell commands to grant the Blackberry service account (besadmin) access to the Exchange mailboxes.

Granting access for a single mailbox

In this example we are giving the besadmin account the access required to handle the email for the john.doe@domain.com mailbox-

[PS] C: >Add-MailboxPermission john.doe@domain.com –user domainbesadmin –AccessRights FullAccess [PS] C: >Add-ADPermission john.doe@domain.com –user domainbesadmin -ExtendedRights Send-As, Receive-As

Granting access to all mailboxes

This command will allow the besadmin account to access ALL mailboxes on the Exchange server.

[PS] C: >Get-MailboxServer | Add-ADPermission -User domainbesadmin -AccessRights GenericRead, GenericWrite -ExtendedRights Send-As, Receive-As, ms-Exch-Store-Admin

Exchange, Powershell, AD & Azure Tips

The greatest WordPress.com site in all the land!

Tag Archives: permissions