Thursday, March 27, 2014

Exchange Server 2013 - Full Access Mailbox Permission Vs Send AS Permissions

When USERA needs Full Access permission on another user's mailbox, USERB (i.e. permission that only allows opening the other user's mailbox and viewing its folders and emails), this can be granted with the Exchange 2013 PowerShell cmdlet Add-MailboxPermission.

Although USERA has Full Access permission on USERB's mailbox, USERA will not be able to send email as USERB. To allow that, we need to use Add-ADPermission with the Send As permission.

Earlier, a user with Full Access could also send email as the other user. This change was introduced after the Exchange 2003 SP2 hotfix release.

To provide Send on Behalf permission, use the Set-Mailbox cmdlet:

E.g. Adding: Set-Mailbox -Identity Raji -GrantSendOnBehalfTo Mark

Removing: Set-Mailbox -Identity Raji -GrantSendOnBehalfTo @{Remove="mark@mail.com"}

Note:

  • Send As Permission: Add-ADPermission
  • Full Access Mailbox Permission: Add-MailboxPermission
  • SendOnBehalf: Set-Mailbox


  • “Outlook uses the external namespace to connect to alternate mailboxes, even though Outlook is located on the internal network in Exchange Server 2013”. Reference: http://support.microsoft.com/kb/2839517

Adding Mailbox Permission with AutoMapping

Add-MailboxPermission -Identity Mark -User 'Raji' -AccessRights FullAccess -InheritanceType All -AutoMapping $True


Verifying Mailbox Permission

Get-MailboxPermission -Identity Mark | Format-List


To find a specific user's Mailbox Permission

Get-MailboxPermission -Identity Mark -User "Rajis" | Format-List

To find the owner of the mailbox

Get-MailboxPermission -Identity Mark -Owner


To remove Mailbox Permission

Remove-MailboxPermission -Identity Mark -User Rajis -AccessRights FullAccess -InheritanceType All

To provide Send-As Permission

Add-ADPermission -Identity "Mark" -User RajiS -AccessRights ExtendedRight -ExtendedRights "Send As"

To check extended permission

Get-ADPermission Mark -User Rajis | ft identity, user, extendedrights, accessrights

To remove AD Permission

Remove-ADPermission -Identity Mark  -User RajiS  -ExtendedRights "Send As"
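
To review who currently holds each of the three delegation types on a mailbox, the read-only report below combines the cmdlets above. It is an added example, not part of the original post; it assumes the Exchange 2013 Management Shell, and Get-DelegationReport is a hypothetical helper name, not an Exchange cmdlet.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2013).
# Get-DelegationReport is a hypothetical helper, not a built-in cmdlet.
function Get-DelegationReport {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Identity   # mailbox to audit, e.g. Mark
    )

    $mailbox = Get-Mailbox -Identity $Identity -ErrorAction Stop

    # Full Access is stored on the mailbox (Add-MailboxPermission).
    # Skip inherited entries, Deny entries and the mailbox's own SELF entry.
    Get-MailboxPermission -Identity $mailbox.Identity |
        Where-Object {
            ($_.AccessRights -like '*FullAccess*') -and
            -not $_.IsInherited -and -not $_.Deny -and
            ($_.User -notlike 'NT AUTHORITY\SELF')
        } |
        ForEach-Object {
            [pscustomobject]@{ Mailbox = $mailbox.Name; Delegate = "$($_.User)"; Right = 'FullAccess' }
        }

    # Send As is an extended right on the AD object (Add-ADPermission).
    # The ? wildcard matches both the "Send-As" and "Send As" spellings.
    Get-ADPermission -Identity $mailbox.DistinguishedName |
        Where-Object {
            ($_.ExtendedRights -like '*Send?As*') -and
            -not $_.IsInherited -and -not $_.Deny -and
            ($_.User -notlike 'NT AUTHORITY\SELF')
        } |
        ForEach-Object {
            [pscustomobject]@{ Mailbox = $mailbox.Name; Delegate = "$($_.User)"; Right = 'SendAs' }
        }

    # Send on Behalf is a property of the mailbox itself (Set-Mailbox).
    foreach ($delegate in $mailbox.GrantSendOnBehalfTo) {
        [pscustomobject]@{ Mailbox = $mailbox.Name; Delegate = "$delegate"; Right = 'SendOnBehalf' }
    }
}

# Report for the mailbox used in the examples above.
Get-DelegationReport -Identity Mark | Sort-Object Right, Delegate | Format-Table -AutoSize
```

A delegate that appears with both FullAccess and SendAs can read the mailbox and send mail that is indistinguishable from the owner's, so those rows are the ones to check against approved delegations first.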
