Hi, In Exchange 2007 with all the patches installed... Is it somehow possible to setup Full Access permission to all mailboxes for a service account? I know it is possible to do this with a PowerShell script and schedule it to be run regularly. But... is it possible that everytime I add new user account Full Access permission for a certain user account would be there immediately? There is already similar setup configured in this Exchange environment for another service account to have Send As permissions automatically and immediately. Unfortunately I can't remember how this has been done... Best regards, Toniwww.triuvare.fi

Give Receive as Perms to the entire mailbox database: http://technet.microsoft.com/en-us/library/aa996343(v=exchg.80).aspx How to Allow Mailbox Access

Hi, Thanks for your reply but unfortunately this doesn't seem to work. Here is how I tested: ran successfully command: Add-ADPermission -Identity "Mailbox Store" -User "Trusted User" -ExtendedRights Receive-Ascreated new user to the mailbox store where I have given the permissionschecked from the new user's Manage Full Access Permissions view in Exchange Management Console but unfortunately there were only "NT AUTHORITY\SELF" not the "Trusted User" Any other suggestions? Best regards, Toniwww.triuvare.fi

You will not be able to see this permission in Mailbox permission. As you see we have run the command Add-ADpermission. You can check on the user in AD whether the permission has been inherited from Mailbox store or not. Did you try to access the mailbox using that service account?Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Hasnain Shaikh| My blogs: http://messagingserversupport.com

Hi, I tried logged in to OWA with the service account and tried to open another user mailbox from the store where I have given the permission before. I got an error message: "You do not have permission to open this mailbox. For access or for more information, contact technical support for your organization.". Is there any way to do this so that the permission (Full Access) would be visible in Exchange Management Console as well? Best regards, Toniwww.triuvare.fi

lets try this. It worked in my lab enviroment. Get-Mailboxdatabase | Add-ADPermission -User serviceaccount -AccessRights ExtendedRight -ExtendedRights ms-exch-store-admin, receive-as Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Hasnain Shaikh| My blogs: http://messagingserversupport.com

Hi Toni, Yes, that will only work for those existing mailboxes, for new created mailboxes, you need to run that command again. You also can follow Andy's suggestion to have a try, I checked in my lab (Exchange 2007 SP3), this will not work on the new created mailboxes. Thanks, Evan Liu TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Evan Liu TechNet Community Support

lets try this. It worked in my lab enviroment. Get-Mailboxdatabase | Add-ADPermission -User serviceaccount -AccessRights ExtendedRight -ExtendedRights ms-exch-store-admin, receive-as Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Hasnain Shaikh| My blogs: http://messagingserversupport.com @Hasnain Did you test on new created mailbox? I follow your way to test in my lab, I cannot open the new created mailbox. Thanks, Evan Liu TechNet Subscriber Support in forum If you have any feedback on our support, please contacttngfb@microsoft.com Evan Liu TechNet Community Support

Hi Toni, I checked in my lab, cannot make full access permission work on the new created mailboxes. For the send as permission, you can follow this way to make it works on new created mailboxes: Grant "send as" permission at the domain or ou level: Use one account that has Domain Admin permission of the domain, or Enterprise Admin permissions. Run this command to grant "send as" permisison at the domain or OU level: Add-ADPermission "<DN of Domain or OU>" -User "Domain\New Service Account" -ExtendedRights "send as" -InheritedObjectType user After that service account will have send as permission on the users in that domain or OU. Thanks, Evan Liu TechNet Subscriber Support in forum If you have any feedback on our support, please contacttngfb@microsoft.com Evan Liu TechNet Community Support

Hi Evan, Thanks. So answer to my original question is that this is not possible. Thanks for clearing me out the difference between Send As and Full Access permissions. Now I understand how the existing service account + Send As works automatically. I will create a script and schedule it to be ran regularly. Best regards, Toniwww.triuvare.fi