Question : Opening Other Mailboxes

I want to set globally myself and my director to be able to open other mailboxes of any user in our organization. I've read a couple KBs on here and saw a couple URLs referenced (http://technet.microsoft.com/en-us/library/aa996343(EXCHG.80).aspx, http://exchange-genie.blogspot.com/2007/08/add-adpermission.html,
http://exchange-genie.blogspot.com/2007/07/add-mailbox-permission-vs-add.html, and http://exchangepedia.com/blog/2007/06/how-to-grant-full-mailbox-access.html) and know I'm close but not quite there with the syntax. I think I've narrowed it down to having to use the "Get-MailboxDatabase" cmdlet, but where my problem is coming is the "-Identity" parameter. You see, I have 4 storage groups, and the SG databases are on separate drives (F:\ and G:\, NOT C:\Program Files\Microsoft\Exchange Server\Mailbox\First Storage Group). So, what do I specifically type for a storage group on say the G:\ drive? Let's say my DB is at the following path -> G:\DBFolder\Storage Group Name\DB.edb...what would be the cmdlet/parameters I use to grant myself (john.doe) full access to all mailboxes in the DB.edb? This is what I attempted:

Get-MailboxDatabase -Identity "G:\DBFolder\Storage Group Name\DB.edb" | Add-ADPermission -User john.doe -AccessRights GenericAll

And got the following error:

Get-MailboxDatabase : Cannot bind parameter 'Identity'. Cannot convert value "G:\DBFolder\Storage Group Name\DB.edb" to type "Microsoft.Exchange.Configuration.Tasks.DatabaseIdParameter". Error: "'G:\DBFolder\Storage Group Name\DB.edb' is not a valid value for the identity. Parameter name: Identity"
At line:1 char:30
+ Get-MailboxDatabase -Identity <<<< "G:\DBFolder\Storage Group Name\DB.edb' " | Add-ADPermission -User john.doe -AccessRights GenericAll

Any assistance would be greatly appreciated.

Thanks!

Answer : Opening Other Mailboxes

Hi there,

I don't think that command will do what you want. It's not how you set Full Mailbox Access. I suspect what you actually want is this command

Get-Mailbox | Add-MailboxPermission -AccessRights Fullaccess -User john.doe

Which adds John Doe with Full Mailbox Access to every mailbox configured in Exchange.

Still, it would be useful to know why the command above isn't working. Lets take a look at this:

Get-MailboxDatabase -Identity "G:\DBFolder\Storage Group Name\DB.edb"

The command uses a logical identity not a physical path (logical in that's how you see it in Exchange System Manager). For example if you had this structure in Exchange:

UK-EXCH-01 <-- Server Name
Mailbox Group 1 <-- Storage Group
Database 1 <-- Database Name

You would have an identity of:

"UK-EXCH-01\Mailbox Group 1\Database 1"

That can be shortened to just "Database 1" if there's only one of those on your server, as long as it manages a unique match.

If you're not sure what the identities might be, run:

Get-MailboxDatabase | Format-List

It'll show you a lot, but most importantly it'll show you the Identity of each store on your server. If you're doing this for all stores you should be able to do:

Get-MailboxDatabase | Add-ADPermission -User john.doe -AccessRights GenericAll

Chris

Random Solutions

Desktop Shortcut to URL does not open IE

can group policy uncheck "require server verifcation" checkbox in trusted sites?

Opening a new window with window.showModalDialog

Retrieving Large ResultSets

Using NIS for Domain/Client

how to change the IP address of Linux box in network

What happens if readystatechange doesn't change

ForEach and ForEach-Object not the same?

How to clone Windows 2000 system