
Suppose:

A business case requires you to implement Full Access on every mail item within a DAG.

Problem:

The Exchange Management Shell command below makes this change, but it does not carry over to new users as they are created.

Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq 'UserMailbox'} | Add-MailboxPermission -User <UserName> -AccessRights FullAccess -InheritanceType all

Solution:

Set the permissions within ADSI.

  • Open ADSI Edit under the Configuration Naming Context.
  • Drill down to the following path:
    • Configuration [DC]/CN=Configuration,DC=Contoso,DC=Local/CN=Services/CN=Microsoft Exchange/CN=<Exchange>/CN=Administrative Groups/CN=Exchange Administrative Group
  • Right-Click on "Databases" and select "Properties".
  • Go to the "Security" tab.
  • Select "Add..."
    • Add the user account (or preferably security group).
    • Select "Full Control"
  • Hit "Apply", then "OK".

Verification:

Run the following to verify the permissions have been applied. Changes are immediate.

Get-Mailbox <Any Mailbox> | Get-MailboxPermission | fl User,AccessRights
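
Because the grant is made on the "Databases" container, it reaches each mailbox as an inherited entry rather than an explicit one, so it helps to summarise which trustees hold FullAccess through inheritance and on how many mailboxes. The PowerShell below is an added example, not part of the original article; the function name Get-FullAccessSummary, the sample rows and the CONTOSO\MailAudit group are assumptions made for illustration.

```powershell
# Added example (not from the original article).
# Summarises FullAccess entries per trustee so a container-level (inherited)
# grant can be told apart from per-mailbox (explicit) grants.
function Get-FullAccessSummary {
    param(
        [Parameter(Mandatory)] [object[]] $Permission,   # rows shaped like Get-MailboxPermission output
        [string[]] $IgnoreUser = @('NT AUTHORITY\SELF')  # the mailbox owner's own entry
    )
    $Permission |
        Where-Object {
            # Keep allow entries that include FullAccess; AccessRights may arrive
            # as an array or as a comma-separated string, so normalise first.
            -not $_.Deny -and
            ("$($_.AccessRights)" -split '[,\s]+') -contains 'FullAccess' -and
            $IgnoreUser -notcontains "$($_.User)"
        } |
        Group-Object -Property { "$($_.User)" } |
        ForEach-Object {
            $inherited = @($_.Group | Where-Object { $_.IsInherited })
            [pscustomobject]@{
                User      = $_.Name
                Mailboxes = @($_.Group | ForEach-Object { "$($_.Identity)" } |
                              Sort-Object -Unique).Count
                Inherited = $inherited.Count
                Explicit  = $_.Group.Count - $inherited.Count
            }
        } |
        Sort-Object -Property Mailboxes -Descending
}

# Constructed sample rows (not real data). CONTOSO\MailAudit is a hypothetical
# group standing in for the account or group added in ADSI Edit.
$sample = @(
    [pscustomobject]@{ Identity = 'contoso.local/Users/Alice'; User = 'NT AUTHORITY\SELF'
                       AccessRights = 'FullAccess, ReadPermission'; IsInherited = $false; Deny = $false }
    [pscustomobject]@{ Identity = 'contoso.local/Users/Alice'; User = 'CONTOSO\MailAudit'
                       AccessRights = 'FullAccess'; IsInherited = $true; Deny = $false }
    [pscustomobject]@{ Identity = 'contoso.local/Users/Bob'; User = 'CONTOSO\MailAudit'
                       AccessRights = 'FullAccess'; IsInherited = $true; Deny = $false }
    [pscustomobject]@{ Identity = 'contoso.local/Users/Bob'; User = 'CONTOSO\Carol'
                       AccessRights = 'FullAccess'; IsInherited = $false; Deny = $false }
)
Get-FullAccessSummary -Permission $sample | Format-Table -AutoSize

# Against a live organisation, from the Exchange Management Shell:
# Get-FullAccessSummary -Permission (Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission)
```

A trustee whose Inherited count matches the total number of mailboxes holds access through a container-level grant like the one above; any trustee in that position that you did not add deliberately is worth reviewing.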