Allow a User to Access Another User’s Mailbox using Shell

Occasionally, users need to access someone else’s mailbox, and in certain situations this is appropriate and preferable. You can grant permissions for a mailbox in two ways: grant access to a mailbox and its content or grant the right to send messages as the mailbox owner.

If you want to grant access to a mailbox and its contents but not grant Send As permissions, you can use the Manage Full Access Permission Wizard. In the Exchange Management Console, right-click the mailbox you want to work with and then select Manage Full Access Permission.

In the Manage Full Access Permission Wizard, click Add, and then use the Select User Or Group dialog box to choose the user or users who should have access to the mailbox. To revoke the authority to access the mailbox, select an existing user name in the Security Principal list box and then click Remove. Click Manage to set the desired access permissions.

In the Exchange Management Shell, you can use the Add-MailboxPermission and Remove-MailboxPermission cmdlets to manage full access permissions.

Adding full access permissions

 
Syntax 
Add-MailboxPermission -Identity UserBeingGrantedPermission -User UserWhoseMailboxIsBeingConfigured -AccessRights 'FullAccess' 

Usage 
Add-MailboxPermission -Identity 'CN=Jerry Orman,OU=Engineering,DC=cpandl,DC=com' -User 'CPANDL\boba' -AccessRights 'FullAccess' 
Removing full access permissions
Syntax 
Remove-MailboxPermission -Identity 'UserBeingGrantedPermission' -User 'UserWhoseMailboxIsBeingConfigured' -AccessRights 'FullAccess' 
-InheritanceType 'All' 

Usage 
Remove-MailboxPermission -Identity 'CN=Jerry Orman, OU=Engineering,DC=cpandl,DC=com' -User 'CPANDL\boba' -AccessRights 'FullAccess' 
-InheritanceType 'All'
If you want to grant Send As permissions, you can use the Manage Send As Permission Wizard. In the Exchange Management Console, right-click the mailbox you want to work with and then select Manage Send As Permission. In the Manage Send As Permission Wizard, click Add, and then use the Select Recipient dialog box to choose the user or users who should have this permission. To revoke this permission, select an existing user name in the Security Principal list box and then click Remove. Click Manage to set the desired Send As permissions.

In the Exchange Management Shell, you can use the Add-ADPermission and Remove-ADPermission cmdlets to manage Send As permissions.

Adding Send As permissions

Syntax 
Add-ADPermission -Identity UserBeingGrantedPermission -User UserWhoseMailboxIsBeingConfigured -ExtendedRights 'Send-As' 

Usage 
Add-ADPermission -Identity 'CN=Jerry Orman,OU=Engineering,DC=cpandl,DC=com' -User 'CPANDL\boba' -ExtendedRights 'Send-As' 
Removing Send As permissions
Syntax 
Remove-ADPermission -Identity UserBeingRevokedPermission -User UserWhoseMailboxIsBeingConfigured -ExtendedRights 'Send-As' 
-InheritanceType 'All' -ChildObjectTypes $null -InheritedObjectType $null -Properties $null 

Usage 
Remove-ADPermission -Identity 'CN=Jerry Orman,OU=Engineering, DC=cpandl,DC=com' -User 'CPANDL\boba' -ExtendedRights 'Send-As' 
-InheritanceType 'All' -ChildObjectTypes $null -InheritedObjectTypes $null -Properties $null

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s