Microsoft Exchange Server 2010 : Managing Mailboxes (part 4) - Assigning a Mailbox to a User from the EMS

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

3. Assigning a Mailbox to a User from the EMS

In a larger organization, you will probably want to streamline or script the creation of new mailboxes and/or user accounts. The EMS allows you to do this easily. For now, though, let's look at the example you just completed from the EMC graphical user interface. You enabled a mailbox for an existing user, assigned that user a mailbox on the MBX-002 mailbox database, and assigned that user the Standard User Managed folder policy and the Default ActiveSync policy. The cmdlet executed is as follows:

Enable-Mailbox -Identity 'ithicos.local/Corporate/Bharat Suneja' -Alias 

'Bharat.Suneja' -Database 'MBX-002' -ManagedFolderMailboxPolicy 'Standard

User Managed Folder Policy' -ActiveSyncMailboxPolicy 'Default'

The Exchange Management Console created this command and used object names to identify the user and the home mailbox database in explicit terms. However, we want to show you another example and simplify it just a bit. In this case, you have another existing user whose account is Luke.Husky and he is in the ITHICOS Active Directory domain. We will simplify this command as much as possible and here is the result:

Enable-Mailbox ithicos\luke.husky -Alias:Luke.Husky -Database:MBX-002
Name Alias ServerName ProhibitSendQuota
---- ----- ---------- -----------------
Luke Husky Luke.Husky hnlmbx01 unlimited

This command works because there is only a single mailbox database in the entire organization called MBX-002. If you have not established a naming standard for databases so that each database name is not only readable but also unique, you need do so. Unique database names are required for Exchange Server 2010. When considering database names, we recommend against including the server name since a database may move from one server to another if you are using database availability groups.

3.1. Assigning Permissions to a Mailbox Using the EMS

On some occasions, you may need to assign a user the permission necessary to access another user's mailbox. This was easy enough to do in Exchange 2000/2003 using Active Directory Users and Computers. With Exchange 2010, you can perform the same task using the Manage Full Access Permission task in the Actions pane of the Exchange Management Console. The tasks available for a selected mailbox are shown in Figure 12; this includes the Manage Send As Permission and the Manage Full Access Permission tasks.

Figure 12. Mailbox management tasks available

In Exchange 2010, there are two types of mailbox permissions:

  • Full Access permission lets another user open the mailbox and view any message or folder within it.

  • Send As permission lets another user send a message that appears to be coming from the user whose mailbox it is.

Full Access vs. Send As Permission

Giving a user full access to another user's mailbox will allow the user to open the other user's mailbox and view any folder or message within the user's mailbox. However, if the user needs to be able to send a message as another user, full mailbox permission is not sufficient. Third-party products such as the Research in Motion BlackBerry Enterprise Server's (BES) service account may require Receive As permissions to the mailboxes that it manages. And the BES service account must have Send As permissions on the Active Directory object. Receive As mailbox permissions can be added through the EMC or using the Add-MailboxPermission cmdlet. Send As permissions can be added through the EMC or using the Add-ADPermission cmdlet.

If you have been managing Exchange Server organizations for some time, you may remember a time when giving users full mailbox rights would allow them to see all the messages and folders as well as send messages that would originate from that mailbox's address. However, that changed with an Exchange Server 2003 post–Service Pack 2 hotfix. Now Send As permissions must be assigned separately.

3.2. Assigning Full Access Permission

To assign Full Access permissions, simply select the mailbox to which you want to add more permissions and click the Manage Full Access Permission task. This launches the Manage Full Access Permission wizard shown in Figure 13. In this example, we are adding users Clayton.Kamiya and Chris.Eanes to the list of users who have full access for this mailbox.

Figure 13. Adding full mailbox access permissions

This could also be done using the EMS cmdlet Add-MailboxPermission. In this example, we are assigning user Clayton.Kamiya permissions to access Betty McBee's mailbox:

Add-MailboxPermission Betty.McBee -User volcanosurfb\Clayton.Kamiya 

-AccessRights FullAccess

If you want to assign an administrator permissions to access all mailboxes (such as to import or export mailbox content), you can use the Role-Based Access Control (RBAC) management role called Mailbox Import Export. For example, if we want to assign user Clayton.Kamiya the role that would allow him to open all mailboxes, we could use this command:

New-ManagementRoleAssignment -Role "Mailbox Import Export" 

-User Clayton.Kamiya

3.3. Assigning Send As Permission

To assign Send As permissions, you need to run the Manage Send As Permission task in the Actions pane. Figure 14 shows the Manage Send As Permission wizard; here we are assigning user Peter.ODowd the Send As permissions to Betty's user account.

Figure 14. Assigning Send As permissions for a user

You can perform the same task using the EMS; here is an example of giving user volcanosurfb\Peter.ODowd Send As permissions to Betty McBee's user account:

Add-ADPermission 'CN=Betty McBee,OU=VolcanoSurfboards, 

DC=volcanosurfboards,DC=com' -User 'VOLCANOSURFB\Peter.ODowd'


You can also remove the permissions you have assigned via the EMS with the following command:

Remove-ADPermission 'CN=Betty McBee,OU=VolcanoSurfboards, 

DC=volcanosurfboards,DC=com' -User 'VOLCANOSURFB\PeterODowd'

-InheritanceType 'All' -ExtendedRights 'send-as' -ChildObjectTypes $null

-InheritedObjectType $null -Properties $null
  •  Bare-Metal Recovery : Solaris Bare-Metal Recovery - Setup of a Noninteractive Restore (part 2) - Creating a Noninteractive Disk Image
  •  Bare-Metal Recovery : Solaris Bare-Metal Recovery - Setup of a Noninteractive Restore (part 1) - Noninteractive Setup Files, Creating a Noninteractive Tape Image
  •  Bare-Metal Recovery : Solaris Bare-Metal Recovery - Preparing for an Interactive Restore (part 2) - Bare-Metal Recovery with Flash Archive
  •  Bare-Metal Recovery : Solaris Bare-Metal Recovery - Preparing for an Interactive Restore (part 1) - Creating Flash Archive Images
  •  Bare-Metal Recovery : Solaris Bare-Metal Recovery - Using Flash Archive
  •  Commercial Backup Utilities (part 1) - Full Support of Your Platforms, Backup of Raw Partitions
  •  Programming WCF Services : Instance Management - Behaviors
  •  SAP Planning : Best Practices Approach to Staffing the SAP TSO
  •  Creating Interactive Windows Services : Services and Polling - Using Configuration Files
  •  Creating Interactive Windows Services : Services and Polling - Updating Tutorials.ThreadFunc
    Top 10
    Free Mobile And Desktop Apps For Accessing Restricted Websites
    MASERATI QUATTROPORTE; DIESEL : Lure of Italian limos
    TOYOTA CAMRY 2; 2.5 : Camry now more comely
    KIA SORENTO 2.2CRDi : Fuel-sipping slugger
    How To Setup, Password Protect & Encrypt Wireless Internet Connection
    Emulate And Run iPad Apps On Windows, Mac OS X & Linux With iPadian
    Backup & Restore Game Progress From Any Game With SaveGameProgress
    Generate A Facebook Timeline Cover Using A Free App
    New App for Women ‘Remix’ Offers Fashion Advice & Style Tips
    SG50 Ferrari F12berlinetta : Prancing Horse for Lion City's 50th
    - Messages forwarded by Outlook rule go nowhere
    - Create and Deploy Windows 7 Image
    - How do I check to see if my exchange 2003 is an open relay? (not using a open relay tester tool online, but on the console)
    - Creating and using an unencrypted cookie in ASP.NET
    - Directories
    - Poor Performance on Sharepoint 2010 Server
    - SBS 2008 ~ The e-mail alias already exists...
    - Public to Private IP - DNS Changes
    - Send Email from Winform application
    - How to create a .mdb file from ms sql server database.......
    programming4us programming4us