My company is running Exchange 2007. From time to time, we need to open a user's Mailbox to to various tasks. Until now, we've been logging is as them and using Outlook directly. I'd like to give Full Access permission for all mailboxes to an "IT" security group in active directory, that way we can simply open their folders/mailbox in Outlook under our accounts. I understand the syntax to do this from PowerShell, but Exchange won't find the "IT" group name.
Add-MailboxPermission -Identity 'IT' -User '*' -AccessRights 'FullAccess'
The command stalls on the Identity parameter. It works fine when another exchange user is specified, but not for AD groups. I CAN add the permission through the GUI, but only one account at a time. I've tried this in every configuration I could think of, including 'DOMAIN\IT' 'CN=IT,etc..', but no dice. Any help?
Thank you!
Best Answer
You have it backwards there. The
-userreference is to the security principal that you give permission to.-Identityis the identity of the resource that the-usergets permissions on.