PowerShell Add-MailboxPermission For Exchange 2010
Here is a PowerShell technique for allowing one user to read another user's email. While technically Add-MailboxPermission -identity is a straightforward task, emotionally, it may have repercussion if you give too many access rights to the wrong people.
If you think about it, being able to add one user to another user's mailbox permission is a potent power. Thus to achieve this task (assuming there is a good business reason), you must be a member of these exchange groups:
To get started, just focus on just two parameters of Add-MailboxPermission -Identity (the victim!) and -User (spy!).
# Add-MailboxPermission Exchange 2010
Note 1: The above example would mean that Eddie Spy could see Joe Victim's Mailbox in his Outlook 2010.
Once you have sorted out those two parts decide on the -AccessRights. Is SendAs sufficient? Or do you need FullAccess, which would allow the -User to impersonate the -Identity.
Note 2: The backtick (`) means wrap to the next line. I used this layout to emphasise the -Parameters.
There are 7 possible values for the -AccessRights parameter.
Import users from a spreadsheet, complete with their mailbox. Just provide a list of the users with the fields in the top row, and save as .csv file. Then launch this FREE utility, match your Exchange fields with AD's attributes, click and import the users. Optionally, you can provide the name of the OU where the new mailboxes will be born.
In the case of SendAs there is an alternative to Add-MailboxPermission, that is to employ a different PowerShell cmdlet called Add-ADPermission.
Note 3: Infuratingly, "Send As" is two separate words with this cmdlet.
Note 4: In the case of the specific right to 'send as', there seems little difference between Add-MailboxPermission and Add-ADPermission. However when it comes to other scripting maniplation their abilities diverge.
Observe that like almost all PowerShell nouns, MailboxPermission is singular. You can examine the parameters with this command
# Add-MailboxPermission Exchange 2010
Note 5: Add-MailboxPermission -Identity accepts the following values:
PowerShell Script to Automate Setting Mailbox Permissions
# Add-MailboxPermission -identity example
Note 6: If this works only for some of the users, try inserting Start-Sleep 5 in the loop. This will give more time to set the permissions.
With PowerShell it's often worth a manual walk-through to compare the PowerShell script with what you see in the Exchange Managment Console.
Research More Members of the MailboxPermission Family
Get-Command -noun MailboxPermission
Get-MailboxPermission -Identity "Joe Victim"
Get-MailboxPermission -Identity "Joe Victim" -User Eddie Spy
Lastly, if you make a mistake try Remove-MailboxPermission
Here is a free tool to monitor your Exchange Server. Download and install the utility, then inspect your mail queues, monitor the Exchange server's memory, confirm there is enough disk space, and check the CPU utilization.
This is the real deal - there is no catch. SolarWinds provides this fully-functioning freebie, as part of their commitment to supporting the network management community.
Thanks to Autodiscover, In Exchange 2010 Service Pack 1 (SP1), Outlook 2007 and 2010 clients automatically map to every mailbox to which they have Full Access permissions.
Sometimes this can be a curse, for example if Exchange Administrators are given full control of everyone's mailbox. If they try and open their own Outlook 2010, they will be snowed under with everyone else's email. Solution Administrator Guy Thomas has his own, humble, ordinary email account, and does not logon as Administrator.
Summary of Add-MailboxPermission in Exchange 2010
While the syntax for PowerShell's Add-MailboxPermission -identity is straightforward; however, you may stop and ask, 'Am I doing the right thing here?' Because giving one user access to another users inbox may have repercussions within the organization.
If you like this page then please share it with your friends
See more PowerShell Cmdlets for Exchange 2010: