Exchange Server 2013 - Full Access Mailbox Permission
Vs Send AS Permissions
When USERA who want to have full access
permission of another user mailbox USERB (i.e will allow only to open the other
user mailbox and view the folders and emails) which can be achieved using the
Exchange 2013 PowerShell cmdlet Add-MailboxPermission.
Although USERA have full acccess permission
on USERB mailbox, USERA will not able to send email as USERB. In order to
achieve it we need to user
Add-ADPermission with Send-As Permission.
Earlier when user have full access they can
able to send email as another user.This change was brought in place after the
Exchange 2003 SP2 hotfix release.
To provide Send on Behalf of permission use
Set-Mailbox cmdlet
E.g Adding: Set-Mailbox -Identity Raji
-GrantSendOnBehalfto Mark
Removing: Set-Mailbox -Identity Raji -GrantSendOnBehalfto
@{Remove="mark@mail.com"}
Note:
- Send As Permission ------------ Add-Adpermission,
- Full Access Mailbox Permission ------------ Add-MailboxPermission.
- SendOnBehalf ------------ Set-Mailbox
Ø “Outlook uses the external
namespace to connect to alternate mailboxes, even though Outlook is located on
the internal network in Exchange Server 2013”. Reference: http://support.microsoft.com/kb/2839517
Adding
Mailbox Permission with AutoMapping
Add-MailboxPermission -Identity Mark -User
'Raji' -AccessRights FullAccess -InheritanceType All -AutoMapping $True
Verifying
Mailbox Permission
Get-MailboxPermission -Identity Mark |
Format-List
To
find specific user access of Mailbox Permission
Get-MailboxPermission -Identity Mark -User "Rajis" | Format-List
To
find owner of the mailbox
Get-MailboxPermission -Identity Mark –Owner
To
remove Mailbox Permission
Remove-MailboxPermission -Identity Mark
-User Rajis -AccessRights FullAccess -InheritanceType All
To
provide Send-As Permission
Add-ADPermission -Identity "Mark"
-User RajiS -AccessRights ExtendedRight
-ExtendedRights "Send As"
To
check extended permission
Get-ADPermission Mark -User Rajis | ft
identity, user, extendedrights, accessrights
To
remove AD Permission
Remove-ADPermission -Identity Mark -User RajiS -ExtendedRights "Send As"
No comments:
Post a Comment