Bizarre Problem Effecting Only Some Mailboxes
Let me start by saying I'm new to Exchange 2007. We've been using Lotus Notes for years. I haven't worked with Exchange since version 5. We now have a new Exchange 2007 server and we are in the process of switching over from Notes. Everything is going well except a bizarre problem effecting administrators trying to open mailboxes. I realize that by default administrators are denied the ability to open other mailboxes. I applied the following command to give admins the right - Get-MailboxDatabase -identity "SERVERNAME\First Storage Group\Mailbox Database" | Add-ADPermission -user USERNAME -AccessRights GenericAll This worked on approximately two thirds of the mailboxes. As an admin I can open the inbox and other folders. However, for about one third of the mailboxes I get the following error when I try to open them - Cannot display the folder. The inbox folder cannot be found. In addition to applying rights to the first storage group I've also tried applying rights to the specific mailboxes with this command - Add-MailboxPermission "USERS MAILBOX" -AccessRights FullAccess -user "USERNAME" So far nothing gives me access to that small percentage of mailboxes. If I go to each workstation and share the individual folders that works, but I was looking to make it work the way itdid for the other mailboxes. All the effected users are in the global address book. This situation applies to all our administrators and is quite frustrating. Any thoughts? Thanks in advance.
August 13th, 2008 3:29pm
To access all mailboxes in a database you need to assign Receive-As permission on a mailbox database.
Reference: How to Allow Mailbox Access
Free Windows Admin Tool Kit Click here and download it now
August 13th, 2008 6:37pm
I can open most mailboxes without granting that specific right (by using the GenericAll command) but I did try assigning the specific Receive-As right and the system tells me it's already assigned.
August 13th, 2008 8:50pm
Dear customer
To get full access right on all mailboxes in a database, we can grant "Receive As" permission to the user or group with cmd-let "Add-ADPermission". Please simply run command as the steps below:
1. Logon Exchange server and load Exchange management Shell.
2. Remove Deny permission with command
3. Run following command to grant the permission
Grant permission on a single mailbox store
Get-MailboxDatabase "<server name\storage group name\mailbox database name>" | Add-ADPermission -User "<group name>" -ExtendedRights Receive-As
Grant permission on all mailbox stores on a server
Get-MailboxDatabase -server "<server name>" | Add-ADPermission -User "<group name>" -ExtendedRights Receive-As
Please note that the permission granted with the command above can't be taken effect until the cache on information store refreshes. By default the refresh interval is two hours, or we can force refreshing the cache by restarting Exchange Information Store service. To do so, please:
1. Load Service snap-in by run services.msc.
2. Locate entry Microsoft Exchange Information Store, right click it and select Restart.
Additionally, I enclosed three articles about this topic as below for your information.
Exchange 2007 - How to Allow Mailbox Access
<http://technet.microsoft.com/en-us/library/aa996343(EXCHG.80).aspx>
Exchange 2007 - Add-ADPermission
<http://technet.microsoft.com/en-us/library/bb124403(EXCHG.80).aspx>
Understanding Mailbox Permissions
<http://technet.microsoft.com/en-us/library/bb123879(EXCHG.80).aspx>
Hope it helps. If anything is unclear, please feel free to let me know.
Rock Wang - MSFT
Free Windows Admin Tool Kit Click here and download it now
August 18th, 2008 10:27am
Rock Wang MSFT wrote:
Dear customer
To get full access right on all mailboxes in a database, we can grant "Receive As" permission to the user or group with cmd-let "Add-ADPermission". Please simply run command as the steps below:
1. Logon Exchange server and load Exchange management Shell.
2. Remove Deny permission with command
3. Run following command to grant the permission
Grant permission on a single mailbox store
Get-MailboxDatabase "<server name\storage group name\mailbox database name>" | Add-ADPermission -User "<group name>" -ExtendedRights Receive-As
Grant permission on all mailbox stores on a server
Get-MailboxDatabase -server "<server name>" | Add-ADPermission -User "<group name>" -ExtendedRights Receive-As
Please note that the permission granted with the command above can't be taken effect until the cache on information store refreshes. By default the refresh interval is two hours, or we can force refreshing the cache by restarting Exchange Information Store service. To do so, please:
1. Load Service snap-in by run services.msc.
2. Locate entry Microsoft Exchange Information Store, right click it and select Restart.
Additionally, I enclosed three articles about this topic as below for your information.
Exchange 2007 - How to Allow Mailbox Access
<http://technet.microsoft.com/en-us/library/aa996343(EXCHG.80).aspx>
Exchange 2007 - Add-ADPermission
<http://technet.microsoft.com/en-us/library/bb124403(EXCHG.80).aspx>
Understanding Mailbox Permissions
<http://technet.microsoft.com/en-us/library/bb123879(EXCHG.80).aspx>
Hope it helps. If anything is unclear, please feel free to let me know.
Rock Wang - MSFT
Thanks for the suggestions. You mention removing deny permission with a command. What would be the syntax for that command? Without doing that Itried the other commands you suggested but the system responds by telling me the appropriate rights are already set (as I ran the GenericAll command previously).
August 19th, 2008 5:05pm
Dear customer:
To verify whether you add the correct permission on mailbox, please run the following command, and post the result into the forum.
Get-MailboxPermission -Identity Test1 | Format-List
Note: replace Test1 with the actual name which resides in your mailbox database.
Thanks for cooperation.
Rock Wang - MSFT
Free Windows Admin Tool Kit Click here and download it now
August 21st, 2008 4:47pm