-----provide ad\exchange\lync\sharepoint\crm\sc\o365 and other Microsoft product implementation and outsourcing, qq:185426445. Phone 18666943750
Let's start by explaining some PowerShell commands that give and remove full access permissions
1, give the user administrator full access to the Ping.zhou mailbox, the command is as follows
Add-mailboxpermission-identity Ping.zhou-user administrator-accessrights Fullaccess-inheritancetype All
650) this.width=650; "title=" clip_image002 "style=" Border-top:0px;border-right:0px;border-bottom:0px;border-left : 0px; "border=" 0 "alt=" clip_image002 "src=" http://s3.51cto.com/wyfs02/M02/58/BD/ Wkiol1s7itix1fvbaaeftink1jm122.jpg "height=" 344 "/>
2, to the user administrator cancel the Ping.zhou mailbox full access permission, the command is as follows
Remove-mailboxpermission-identity Ping.zhou-user administrator-accessrights Fullaccess-inheritancetype All
650) this.width=650; "title=" clip_image004 "style=" Border-top:0px;border-right:0px;border-bottom:0px;border-left : 0px; "border=" 0 "alt=" clip_image004 "src=" http://s3.51cto.com/wyfs02/M02/58/C0/ Wkiom1s7ignq0--naae9hnazxte455.jpg "height=" 471 "/>
3, give the user administrator full access to all non-administrator mailboxes, the command is as follows
[This is what we need to migrate mailboxes when we use IMAP to migrate to office365 in exchange]
Get-mailbox-resultsize unlimited-filter {(recipienttypedetails-eq ' Usermailbox ')-and (Alias-ne ' Administrator ')} | Add-mailboxpermission-user administrator-accessrights Fullaccess-inheritancetype All
650) this.width=650; "title=" clip_image006 "style=" Border-top:0px;border-right:0px;border-bottom:0px;border-left : 0px; "border=" 0 "alt=" clip_image006 "src=" http://s3.51cto.com/wyfs02/M00/58/C0/wKiom1S7IG_T-wnrAATQ_ 3toxsk788.jpg "height=" 535 "/>
4, administrator to the user to cancel full access to all mailboxes, the command is as follows
Get-mailbox-resultsize unlimited-filter {(recipienttypedetails-eq ' Usermailbox ')-and (Alias-ne ' Administrator ')} | Remove-mailboxpermission-user administrator-accessrights Fullaccess-inheritancetype All
650) this.width=650; "title=" clip_image008 "style=" Border-top:0px;border-right:0px;border-bottom:0px;border-left : 0px; "border=" 0 "alt=" clip_image008 "src=" http://s3.51cto.com/wyfs02/M01/58/C0/ Wkiom1s7ihgwblukaafgykrwqzs069.jpg "height=" 519 "/>
Requirements: Due to special reasons, an account set up some other accounts of the full access rights, the following to cancel access to these accounts, user feedback Outlook can not delete these accounts, OWA shows that no such accounts, such as:
OWA displays accounts that have been removed without full access rights
650) this.width=650; "title=" clip_image010 "style=" Border-top:0px;border-right:0px;border-bottom:0px;border-left : 0px; "border=" 0 "alt=" clip_image010 "src=" http://s3.51cto.com/wyfs02/M02/58/C0/ Wkiom1s7ihsixsznaai0mtbfumm601.jpg "height=" 573 "/>
Outlook cannot open the mailbox that it has canceled full access to, but cannot delete it or open it, prompting that the folder cannot be displayed.
650) this.width=650; "title=" clip_image012 "style=" Border-top:0px;border-right:0px;border-bottom:0px;border-left : 0px; "border=" 0 "alt=" clip_image012 "src=" Http://s3.51cto.com/wyfs02/M00/58/C0/wKiom1S7IHai_ Rjfaah1kcavkju880.jpg "height=" 609 "/>
The reasons are as follows:
In Exchange Service Pack 1 (SP1), Exchange introduces a feature that allows Outlook 2007 and Outlook 2010 clients to be automatically mapped to any mailbox for which the user has full access rights. If a user is granted full access to another user's mailbox or shared mailbox, Outlook automatically loads all mailboxes that the user has full access to.
To do this, Exchange has implanted the Msexchdelegatelistlink attribute in Active Directory to locate the mailbox that the user has full access to, and then provides this information to the Autodiscover service. Then, Autodiscover uses the information that is required to open the full access mailbox for Outlook to populate the AlternateMailbox
properties. If the user has full access to multiple mailboxes, a performance issue may occur when you start Outlook. There is no way to disable this feature in Exchange SP1. However, in Exchange SP2, you can use the Shell to disable this feature.
This problem also exists in Exchange Server 2013.
Nor can we use the EMC to disable auto-mapping and only use EMS to disable Auto-mapping. The command is as follows:
$FixAutoMapping = get-mailboxpermission Ping.zhou |where {$_. Accessrights-eq "FullAccess"-and $_. Isinherited-eq $false}
$FixAutoMapping | Remove-mailboxpermission
$FixAutoMapping | ForEach {add-mailboxpermission-identity $_. Identity-user $_. User-accessrights fullaccess-automapping $false}
650) this.width=650; "title=" clip_image014 "style=" Border-top:0px;border-right:0px;border-bottom:0px;border-left : 0px; "border=" 0 "alt=" clip_image014 "src=" http://s3.51cto.com/wyfs02/M01/58/C0/ Wkiom1s7ihijio4naagdqee3gn8928.jpg "height=" 425 "/>
After execution, restart the Exchange Transport service so that the settings take effect more quickly, and we reopen Outlook and find that the account that was previously canceled for full access is no longer in Outlook.
650) this.width=650; "title=" clip_image016 "style=" Border-top:0px;border-right:0px;border-bottom:0px;border-left : 0px; "border=" 0 "alt=" clip_image016 "src=" http://s3.51cto.com/wyfs02/M02/58/BD/ Wkiol1s7iuzhqlmiaalg1p1ksni339.jpg "height=" 704 "/>
This article is from the "Zhou Ping Microsoft Technology Exchange Platform" blog, please be sure to keep this source http://yuntcloud.blog.51cto.com/1173839/1605248
PowerShell Management Series (11) Exchange Full access permissions for mailbox settings