Problem with allowing Access on all Mailboxes (MSX2007)
Hi,
I have an application which must run as a user who has rights to access all Mailboxes of a Database.
I have a user e.g. "jhaendle". He is a full Exchange Organization admin.
I run the command:
Get-MailboxDatabase -Server "msxjh1" | Get-ADPermission -User "jhaendle" | fl
I get the following output:
User                : MSXDEV1\jhaendle
Identity            : MSXJH1\First Storage Group\Mailbox Database
Deny                : True
AccessRights        : {ExtendedRight}
ExtendedRights      : {Receive-As}
IsInherited         : True
Properties          :
ChildObjectTypes    :
InheritedObjectType :
InheritanceType     : All

User                : MSXDEV1\jhaendle
Identity            : MSXJH1\First Storage Group\Mailbox Database
Deny                : True
AccessRights        : {ExtendedRight}
ExtendedRights      : {Send-As}
IsInherited         : True
Properties          :
ChildObjectTypes    :
InheritedObjectType :
InheritanceType     : All

User                : MSXDEV1\jhaendle
Identity            : MSXJH1\First Storage Group\Mailbox Database
Deny                : False
AccessRights        : {GenericAll}
ExtendedRights      :
IsInherited         : True
Properties          :
ChildObjectTypes    :
InheritedObjectType :
InheritanceType     : All
Now I add the Receive-As and the Send-As rights with following commands:
Get-MailboxDatabase -Server MSXJH1 | Add-adPermission -user "jhaendle" -ExtendedRights "Receive-As"
Get-MailboxDatabase -Server MSXJH1 | Add-adPermission -user "jhaendle" -ExtendedRights "Send-As"
Now I look at the rights with Get-ADPermission and there are all the above rights plus these:

User                : MSXDEV1\jhaendle
Identity            : MSXJH1\First Storage Group\Mailbox Database
Deny                : False
AccessRights        : {ExtendedRight}
ExtendedRights      : {Receive-As}
IsInherited         : False
Properties          :
ChildObjectTypes    :
InheritedObjectType :
InheritanceType     : All

User                : MSXDEV1\jhaendle
Identity            : MSXJH1\First Storage Group\Mailbox Database
Deny                : False
AccessRights        : {ExtendedRight}
ExtendedRights      : {Send-As}
IsInherited         : False
Properties          :
ChildObjectTypes    :
InheritedObjectType :
InheritanceType     : All
I restarted the "Microsoft Exchange Information Store" all the same. I tried to log on with Outlook as a normal user, e.g. "karl1" (MAPI profile), with the access data of user "jhaendle" and tried to send a mail with the rights of user "jhaendle", but I get a message that I don't have the permission to do this. My application also only works on the Mailbox of user "jhaendle" and no other.
I tried to remove these inherited rights with Remove-ADPermission, but I can only delete the rights which I created and not the inherited rights. How can I remove the inherited rights so I can get my mail application to work on all mailboxes?
I don't know if it is important, but I have also an Exchange Server 2003 in the organisation. There I added a delegation in the Management Console.
Thanks for any help.
October 16th, 2008 10:17am
Hello,
The inherited permission should be coming from an upper level, and you need to find out where the deny permission is coming from. You can check with ADSIEdit.msc.
Go to Adsiedit.msc -> configuration -> services -> Microsoft Exchange -> YourOrgName -> Administrative Groups -> Exchange Administrative Group (FYD...) -> YourServerName -> SGName -> DBName
Check the Security tab of each upper level one by one, starting from DBName, and find where the inherited deny permission is coming from and remove it, then give the allow permission to the user and check.
October 16th, 2008 8:17pm
Cool it works, thanks.
Are there other possibilities than using ADSIEdit.msc?
For example, possibilities using PowerShell?
October 17th, 2008 2:39pm
Great...
You can do it with PowerShell and the procedure is the same: you need to find where the inherited deny permission is coming from with Get-ADPermission, by giving the DN of each object one by one up to the upper levels, and remove it from there. But it is easier with the power of the GUI in ADSIEdit.msc.
October 17th, 2008 4:38pm
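The upward walk described in the reply above, as an added PowerShell example that is not part of the original thread. It takes the account and server names from the thread, assumes it runs in the Exchange Management Shell, and assumes the deny entry names the user directly, as in the output posted in the question.

```powershell
# Added example (not from the thread): find where the inherited deny
# entries on a mailbox database are actually defined.
$user   = 'MSXDEV1\jhaendle'    # account from the thread
$server = 'MSXJH1'              # server from the thread

$rdnSplit = [regex]'(?<!\\),'   # split on commas that are not escaped inside an RDN
$seen     = @{}                 # parents shared by several databases are checked once

foreach ($db in Get-MailboxDatabase -Server $server) {
    $dn = $db.DistinguishedName
    while ($dn -and -not $seen.ContainsKey($dn)) {
        $seen[$dn] = $true

        # Deny entries for the user that are set on this object itself.
        # An entry with IsInherited = False is the source of the deny
        # that shows up as inherited further down the tree.
        Get-ADPermission -Identity $dn -User $user -ErrorAction SilentlyContinue |
            Where-Object { $_.Deny -and -not $_.IsInherited } |
            Select-Object @{Name = 'SetOn'; Expression = { $dn }},
                          User, AccessRights, ExtendedRights

        # Stop once the top of the configuration partition has been checked.
        if ($dn -like 'CN=Configuration,*') { break }

        # Move to the parent: drop the leftmost RDN.
        $parts = $rdnSplit.Split($dn, 2)
        if ($parts.Count -eq 2) { $dn = $parts[1] } else { $dn = $null }
    }
}
```

Each row's SetOn value is the object on which the deny entry is defined, which is the level the reply says to remove it from.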
OK, thank you, I will think about which solution is better.
October 21st, 2008 10:21am