Grant Full Access to All Mailboxes in Exchange 2010 – even for new databases

Hi again,

Since Exchange 2010 was released I always run into this request from administrators and help desk personnel:

“I want full access to all mailboxes, and also to all future mailboxes too ! uh and new mailboxes in new mailbox databases too !”


The following commands will do the trick, copy the first row separately- Exchange 2010 only:

$user = Read-Host -Prompt:"Enter UserName to grant permissions";

$organization = Get-OrganizationConfig;
$databasesContainer = "CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups," + $organization.DistinguishedName;
Add-ADPermission -User:$user -AccessRights ExtendedRight -ExtendedRights Receive-As, Send-As, ms-Exch-Store-Admin -Identity:$databasesContainer;

And remember with Active Directory permissions an explicit allow overwrites an inherited deny. so this will work even if you do this to an admin user / group.

Hope this helps !

Leave a Reply