Exchange 2010 Permission Assistance Needed with WorkSite
Hello,
I need to grant our WorkSite AD account the proper Exchange permissions so the account has the ability to file emails into our document management system. Here is the requesting permissions.
Has a minimum of the following permissions at the Exchange Server level, Information Store Level, and user mailbox LevelExchange 2010: Write, Read, Send As
Can someone assist me in accomplishing this task? This is all of the documentation I have to go off of. I need this setup where all current mailboxes are applied these settings and all new mailboxes created moving forward also receive these settings. ThanksJason
August 14th, 2012 3:31pm
This is the command I think I should use.
Get-MailboxDatabase -Identity 'db-o' | Add-ADPermission -User worksitecomm -AccessRights GenericAll
Identity User Deny Inherited
-------- ---- ---- ---------
DB-O LAWFIRM\WorkSiteComm False False
Does this look correct? Does GenericAll give Send-As permissions as well?Jason
Free Windows Admin Tool Kit Click here and download it now
August 14th, 2012 5:02pm
You can use genericaAll but that probably won't be enough, AD perms don't translate into Exchange perms but rather allows you to impersonate certain rights. Use below
get-mailboxserver exchange2010 | add-adpermission -user worksitecomm -accessrights GenericAll, -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
The above is similar to configuring BES which is likely the exact same permissions your app needs however BES doesn't use GenericAll but just read\write.
get-mailboxserver <Exchange 2007> | add-adpermission -user <BESAdmin> -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
August 14th, 2012 9:39pm
You can use genericaAll but that probably won't be enough, AD perms don't translate into Exchange perms but rather allows you to impersonate certain rights. Use below
get-mailboxserver exchange2010 | add-adpermission -user worksitecomm -accessrights GenericAll, -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
The above is similar to configuring BES which is likely the exact same permissions your app needs however BES doesn't use GenericAll but just read\write.
get-mailboxserver <Exchange 2007> | add-adpermission -user <BESAdmin> -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
August 14th, 2012 9:48pm
Hi Jason,
Any updates?
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
tnmff@microsoft.com.Frank Wang
TechNet Community Support
August 15th, 2012 10:25pm
Hello,
Thank you all for the assistance here. I talked with the Systems Manager today and he reports to having no MAPI errors for our DMS.
I did not use James Powershell command but I have no doubt that it would have resolved my issue.
JJason
Free Windows Admin Tool Kit Click here and download it now
August 16th, 2012 1:48pm