Home / server / Questions / 459831
Accepted
tfrederick74656
Asked: 2012-12-21 13:59:56 +0800 CST

Give AD Security Group Exchange Full Access Permission

  • 772

My company is running Exchange 2007. From time to time, we need to open a user's Mailbox to to various tasks. Until now, we've been logging is as them and using Outlook directly. I'd like to give Full Access permission for all mailboxes to an "IT" security group in active directory, that way we can simply open their folders/mailbox in Outlook under our accounts. I understand the syntax to do this from PowerShell, but Exchange won't find the "IT" group name.

 Add-MailboxPermission -Identity 'IT' -User '*' -AccessRights 'FullAccess'

The command stalls on the Identity parameter. It works fine when another exchange user is specified, but not for AD groups. I CAN add the permission through the GUI, but only one account at a time. I've tried this in every configuration I could think of, including 'DOMAIN\IT' 'CN=IT,etc..', but no dice. Any help?

Thank you!

exchange

1 Answers

  1. Best Answer

    You have it backwards there. The -user reference is to the security principal that you give permission to. -Identity is the identity of the resource that the -user gets permissions on.

    $Mailboxes = Get-Mailbox -ResultSize unlimited 
foreach($Mailbox in $Mailboxes){Add-MailboxPermission -Identity $Mailbox -User 'IT' -AccessRights 'FullAccess'}
    • 4