How to assign Full Access Permissions to Multiple Mailboxes in Exchange 2007/2010

Recently I was required to modify several dozen mailboxes in Exchange 2007 to give a user Full Access administrative rights on those mailboxes.

The Exchange Management Console only lets you grant those permissions on one mailbox at a time.  I wanted to find a way to script it to speed the process along and make it more interesting.

The first thing I had to figure out was how to filter out just a certain set of users.  Adding them to a security group was easy enough using DSMOD (previous Blog post), but unfortunately the Exchange Shell doesn’t let you specify a security group when assigning permissions.  It does, however, allow you to specify a Custom Attribute.

In order to set one of the CustomAttribute settings in Active Directory to something unique, I used one of my favorite utilities… ADModify.Net.  Once ADModify.Net is launched, you’ll want to filter your users down by using the following LDAP Query:


(&(objectCategory=person)(memberOf=CN=Group,CN=OU,DC=domain,DC=local))

Once they are filtered out, you can then select all of the users that appear from the query, proceed to the next screen, and go to the Custom tab.  Under the attribute name field, type in extensionAttribute#, replacing the “#” with any number from 1 to 15.  Make absolutely sure it is not currently in use.

Under the attribute value field, type in whatever you want in order to find your set of users easily.

Hit Go! and once everything is finished, proceed to the Exchange Management Shell.

Use the following command in the shell to add Full Access to a specific user for all of your users with the Custom Attribute set to the value you specified.  You’ll need to change the labels in bold to fit your environment.


Get-Mailbox -Filter {CustomAttribute1 -eq "VALUE"} | Add-MailboxPermission -User "TrustedUser" -AccessRights FullAccess

Use the following command in the shell to add only Receive As access rights to a specific user for all of your users with the Custom Attribute set to the value you specified.  You’ll need to change the labels in bold to fit your environment.


Get-Mailbox -Filter {CustomAttribute1 -eq "VALUE"} | Add-ADPermission -User "TrustedUser" -ExtendedRights Receive-As

That’s it.  Technically giving a user Full Access will also give the Receive As rights, but I like to be thorough.

Good luck! : )
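Because a bulk Full Access grant hands one account the contents of every matched mailbox, it is worth previewing the target set, applying the change only after confirmation, and keeping a record of what was granted. The script below is an added example, not part of the original post; VALUE, TrustedUser and the CSV path are placeholders, and it assumes the Exchange Management Shell on Exchange 2007/2010.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# Placeholders/assumptions: $attrValue, $trustee and $logPath must be set for your environment.
$attrValue = "VALUE"
$trustee   = "TrustedUser"
$logPath   = ".\FullAccess-grants.csv"

# 1. Resolve the target set once and review it before changing anything.
#    The filter is passed as a string so the variable is expanded locally.
$targets = @(Get-Mailbox -ResultSize Unlimited -Filter "CustomAttribute1 -eq '$attrValue'")
"{0} mailbox(es) match CustomAttribute1 = '{1}'" -f $targets.Count, $attrValue
$targets | Format-Table Name, PrimarySmtpAddress, OrganizationalUnit -AutoSize

# 2. Dry run: -WhatIf reports each grant without applying it.
$targets | Add-MailboxPermission -User $trustee -AccessRights FullAccess -WhatIf

# 3. Apply only after an explicit confirmation.
if ((Read-Host "Type YES to grant FullAccess to $trustee") -ne "YES") { return }
$targets | Add-MailboxPermission -User $trustee -AccessRights FullAccess

# 4. Verify: read back the explicit (non-inherited) entries that now exist for
#    the trustee and save them as a change record.
$granted = $targets | Get-MailboxPermission -User $trustee |
    Where-Object { ($_.AccessRights -like "*FullAccess*") -and (-not $_.IsInherited) }
"{0} of {1} mailbox(es) now show an explicit FullAccess entry" -f @($granted).Count, $targets.Count

# AccessRights is an array; flatten it to text so the CSV holds the values
# rather than the .NET type name.
$granted |
    Select-Object Identity, User, Deny, IsInherited,
        @{Name = "AccessRights"; Expression = { "$($_.AccessRights)" }} |
    Export-Csv -Path $logPath -NoTypeInformation

# 5. Rollback for when the access is no longer needed (left commented out):
# $targets | Remove-MailboxPermission -User $trustee -AccessRights FullAccess -Confirm:$false
```

A count in step 4 that is lower than the count in step 1 means some grants failed and the error output from step 3 should be reviewed.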


One Response to “How to assign Full Access Permissions to Multiple Mailboxes in Exchange 2007/2010”

  1. How would you modify this if you wanted to do it per OU?
