Grant Full Access to All Mailboxes in Exchange 2010 – even for new databases

Hi again,

Since Exchange 2010 was released I always run into this request from administrators and help desk personnel:

“I want full access to all mailboxes, and also to all future mailboxes too ! uh and new mailboxes in new mailbox databases too !”


The following commands will do the trick, copy the first row separately- Exchange 2010 only:

$user = Read-Host -Prompt:"Enter UserName to grant permissions";

$organization = Get-OrganizationConfig;
$databasesContainer = "CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups," + $organization.DistinguishedName;
Add-ADPermission -User:$user -AccessRights ExtendedRight -ExtendedRights Receive-As, Send-As, ms-Exch-Store-Admin -Identity:$databasesContainer;

And remember with Active Directory permissions an explicit allow overwrites an inherited deny. so this will work even if you do this to an admin user / group.

Hope this helps !


About ilantz

I am a technology enthusiastic, I've been working as an IT consultant since late 2007, I attained extensive experience with Microsoft's Exchange Server, Active Directory, Forefront products and the Windows server platform. I love designing solutions, handling security measures, architecture and advanced troubleshooting.
This entry was posted in Exchange 2010, PowerShell. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s