PowerShell Management Series (11) Exchange Full access permissions for mailbox settings

-----provide ad\exchange\lync\sharepoint\crm\sc\o365 and other Microsoft product implementation and outsourcing, qq:185426445. Phone 18666943750

Let's start by explaining some PowerShell commands that give and remove full access permissions

1, give the user administrator full access to the Ping.zhou mailbox, the command is as follows

Add-mailboxpermission-identity Ping.zhou-user administrator-accessrights Fullaccess-inheritancetype All

650) this.width=650; "title=" clip_image002 "style=" Border-top:0px;border-right:0px;border-bottom:0px;border-left : 0px; "border=" 0 "alt=" clip_image002 "src=" http://s3.51cto.com/wyfs02/M02/58/BD/ Wkiol1s7itix1fvbaaeftink1jm122.jpg "height=" 344 "/>

2, to the user administrator cancel the Ping.zhou mailbox full access permission, the command is as follows

Remove-mailboxpermission-identity Ping.zhou-user administrator-accessrights Fullaccess-inheritancetype All

650) this.width=650; "title=" clip_image004 "style=" Border-top:0px;border-right:0px;border-bottom:0px;border-left : 0px; "border=" 0 "alt=" clip_image004 "src=" http://s3.51cto.com/wyfs02/M02/58/C0/ Wkiom1s7ignq0--naae9hnazxte455.jpg "height=" 471 "/>

3, give the user administrator full access to all non-administrator mailboxes, the command is as follows

[This is what we need to migrate mailboxes when we use IMAP to migrate to office365 in exchange]

Get-mailbox-resultsize unlimited-filter {(recipienttypedetails-eq ' Usermailbox ')-and (Alias-ne ' Administrator ')} | Add-mailboxpermission-user administrator-accessrights Fullaccess-inheritancetype All

650) this.width=650; "title=" clip_image006 "style=" Border-top:0px;border-right:0px;border-bottom:0px;border-left : 0px; "border=" 0 "alt=" clip_image006 "src=" http://s3.51cto.com/wyfs02/M00/58/C0/wKiom1S7IG_T-wnrAATQ_ 3toxsk788.jpg "height=" 535 "/>

4, administrator to the user to cancel full access to all mailboxes, the command is as follows

Get-mailbox-resultsize unlimited-filter {(recipienttypedetails-eq ' Usermailbox ')-and (Alias-ne ' Administrator ')} | Remove-mailboxpermission-user administrator-accessrights Fullaccess-inheritancetype All

650) this.width=650; "title=" clip_image008 "style=" Border-top:0px;border-right:0px;border-bottom:0px;border-left : 0px; "border=" 0 "alt=" clip_image008 "src=" http://s3.51cto.com/wyfs02/M01/58/C0/ Wkiom1s7ihgwblukaafgykrwqzs069.jpg "height=" 519 "/>

Requirements: Due to special reasons, an account set up some other accounts of the full access rights, the following to cancel access to these accounts, user feedback Outlook can not delete these accounts, OWA shows that no such accounts, such as:

OWA displays accounts that have been removed without full access rights

650) this.width=650; "title=" clip_image010 "style=" Border-top:0px;border-right:0px;border-bottom:0px;border-left : 0px; "border=" 0 "alt=" clip_image010 "src=" http://s3.51cto.com/wyfs02/M02/58/C0/ Wkiom1s7ihsixsznaai0mtbfumm601.jpg "height=" 573 "/>

Outlook cannot open the mailbox that it has canceled full access to, but cannot delete it or open it, prompting that the folder cannot be displayed.

650) this.width=650; "title=" clip_image012 "style=" Border-top:0px;border-right:0px;border-bottom:0px;border-left : 0px; "border=" 0 "alt=" clip_image012 "src=" Http://s3.51cto.com/wyfs02/M00/58/C0/wKiom1S7IHai_ Rjfaah1kcavkju880.jpg "height=" 609 "/>

The reasons are as follows:

In Exchange Service Pack 1 (SP1), Exchange introduces a feature that allows Outlook 2007 and Outlook 2010 clients to be automatically mapped to any mailbox for which the user has full access rights. If a user is granted full access to another user's mailbox or shared mailbox, Outlook automatically loads all mailboxes that the user has full access to.

To do this, Exchange has implanted the Msexchdelegatelistlink attribute in Active Directory to locate the mailbox that the user has full access to, and then provides this information to the Autodiscover service. Then, Autodiscover uses the information that is required to open the full access mailbox for Outlook to populate the AlternateMailbox properties. If the user has full access to multiple mailboxes, a performance issue may occur when you start Outlook. There is no way to disable this feature in Exchange SP1. However, in Exchange SP2, you can use the Shell to disable this feature.

This problem also exists in Exchange Server 2013.

Nor can we use the EMC to disable auto-mapping and only use EMS to disable Auto-mapping. The command is as follows:

$FixAutoMapping = get-mailboxpermission Ping.zhou |where {$_. Accessrights-eq "FullAccess"-and $_. Isinherited-eq $false}

$FixAutoMapping | Remove-mailboxpermission

$FixAutoMapping | ForEach {add-mailboxpermission-identity $_. Identity-user $_. User-accessrights fullaccess-automapping $false}

650) this.width=650; "title=" clip_image014 "style=" Border-top:0px;border-right:0px;border-bottom:0px;border-left : 0px; "border=" 0 "alt=" clip_image014 "src=" http://s3.51cto.com/wyfs02/M01/58/C0/ Wkiom1s7ihijio4naagdqee3gn8928.jpg "height=" 425 "/>

After execution, restart the Exchange Transport service so that the settings take effect more quickly, and we reopen Outlook and find that the account that was previously canceled for full access is no longer in Outlook.

650) this.width=650; "title=" clip_image016 "style=" Border-top:0px;border-right:0px;border-bottom:0px;border-left : 0px; "border=" 0 "alt=" clip_image016 "src=" http://s3.51cto.com/wyfs02/M02/58/BD/ Wkiol1s7iuzhqlmiaalg1p1ksni339.jpg "height=" 704 "/>

This article is from the "Zhou Ping Microsoft Technology Exchange Platform" blog, please be sure to keep this source http://yuntcloud.blog.51cto.com/1173839/1605248

PowerShell Management Series (11) Exchange Full access permissions for mailbox settings