Hello,We can setup permission for mailbox in Exchange Management Shell - Add-ADpermission or Add-Mailboxpermission or in Exchange Management Console.Another way is to setup permission directly in Active Directory. I configure UserA full acess on UserB object in ADSIedit (SendAs and ReceiveAs).When UserA open OWA, still cannot open UserB inbox. This way doesnt work for me.ThanksJan

Mailbox rights are not set in Active Directory. Back in Exchange 2003, it looked like you did, but it actually put those rights in the mailbox store and what you saw in the GUI was a reflection of the actual mailbox store settings, and they weren't necessarily accurate.-- Ed Crowley MVP"There are seldom good technological solutions to behavioral problems.". "Jan Matejka" wrote in message news:08eb3c64-3e2d-46dc-abaf-5ed9cd43d2dd...Hello,We can setup permission for mailbox in Exchange Management Shell - Add-ADpermission or Add-Mailboxpermission or in Exchange Management Console.Another way is to setup permission directly in Active Directory. I configure UserA full acess on UserB object in ADSIedit (SendAs and ReceiveAs).When UserA open OWA, still cannot open UserB inbox. This way doesnt work for me.ThanksJan Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

On Thu, 25 Feb 2010 08:40:46 +0000, Jan Matejka wrote:>Hello,We can setup permission for mailbox in Exchange Management Shell - Add-ADpermission or Add-Mailboxpermission or in Exchange Management Console.Another way is to setup permission directly in Active Directory. I configure UserA full acess on UserB object in ADSIedit (SendAs and ReceiveAs).When UserA open OWA, still cannot open UserB inbox. This way doesnt work for me.ThanksJan I'm pretty sure that ADSIEDIT lacks the necessary "smarts" to make thechange to the mailbox (which isn't the same as the AD).---Rich MatheisenMCSE+I, Exchange MVP--- Rich Matheisen MCSE+I, Exchange MVP

Hello,Just like the friends mentioned above, the mailbox permission can’t be set in AD. You need to use command set-mailboxpermission to do the job. Check the similar thread for more information: http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/58e19126-4fdb-4a6e-bc56-7ee0fe625ac3 Hope this helps. Thanks, Elvis

Thanks,this is difficult:-) I started to audit all Active Directory Object changes on Windows 2008 DC. You have to check ID 5136 - A directory service object was modified.I need to monitor the admins activity for mailbox access.BUT:1) When you run in EMC - Add Send-As permission, event is logged and you can see which user generated changes on user oject - OK, great.2) When you run in EMC - Add Full Access permission, event is logged BUT user is Exchange computer name:-) So you dont get information who performed this action in Exchange Management Console:-) You can only view that EXCHSRV$ modified user AD object.Jan

Hi, May be this is because that These configuration is stored in Mailbox Store and not in the AD as mentioned in above post. Regards,Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com