Exchange-Genie » SendAS http://www.exchange-genie.com This blog is dedicated to Microsoft Exchange Thu, 12 Jan 2012 19:50:10 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Add-Mailbox Permissions VS Add-AdPermission Part 2 http://www.exchange-genie.com/2007/08/add-mailbox-permissions-vs-add-adpermission-part-2/ http://www.exchange-genie.com/2007/08/add-mailbox-permissions-vs-add-adpermission-part-2/#comments Sun, 12 Aug 2007 23:42:00 +0000 admin http://www.exchange-genie.com/?p=14 This is the follow up blog

Add-ADPermission (Section not completed)

Who can run this be default?
Exchange Recipient Administrator role Account Operator role for the applicable Active Directory containers

What are the valid permission that can be applied?
(http://technet.microsoft.com/en-us/library/bb124403.aspx)
CreateChild –DeleteChild–ListChildren–Self–ReadProperty–WriteProperty DeleteTree–ListObject–ExtendedRight–Delete–ReadControl–GenericExecute GenericWrite–GenericRead–WriteDacl–WriteOwner–GenericAll–Synchronize AccessSystemSecurity AD-

ADPermssions also has some extended rights that can be associated with it Send-As Receive-As View Information Store status

Lets start with the number 1 item everyone typcially uses, delegating the rights to Send As another user. This can be used with items like Black Berry or to delegate rights to a shared mailbox.

Extended Rights:

Scenario 1: Send AS

Lets view the current permission on the account
- Get-ADPermission User1 fl user,accessrights

1. Delegate Sends AS

2. Open Outlook – attempt send as user from Outlook

We can see the message is delivered and shows that it was sent from user1

After granting Send AS permission we are still unable to open a users mailbox, with add-mailboxpermission we can only apply permissions to an individual mailbox however what if we need to deploy rights to a single database or storage group?

*Note to all to all users we can pipe the command

example get-mailbox add-mailboxpermission**

Granting Recieve As is similar to granting fullaccess to a mailbox, however with Exchange 2007 if you wish to open a users mailbox in OWA you will need to grant fullaccess with add-mailboxpermission as well.

Scenario 2: Recieve AS
http://technet.microsoft.com/en-us/library/aa996343.aspx
http://msexchangeteam.com/archive/2006/01/25/418099.aspx

1. Lets grant recieve as permission

Lets validate our permission, but this time we will use adsiedit.msc. Since these are AD permssion we can view them with adsiedit.

**note you have to load the support tools to install adsiedit.msc**

Scenario 3: View Information Store
Why reinvent the wheel if I dont have too http://www.windowsitpro.com/Article/ArticleID/49432/49432.html

http://technet.microsoft.com/en-us/library/aa996343.aspx

august the avengers movie fugitive pieces college movie teacher the movie actors star wars the clone wars imdb movie zoolander bunny movie alive or dead personalize movie jcvd movie ending uncle buck movie release toys are not for children eldest movie life begins for andy hardy movie release

]]> http://www.exchange-genie.com/2007/08/add-mailbox-permissions-vs-add-adpermission-part-2/feed/ 5