Remove-MailboxPermission (RTM)
Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
Applies to: Exchange Server 2007
Use the Remove-MailboxPermission cmdlet to remove permissions from a user's mailbox.
Syntax
Remove-MailboxPermission -Identity <MailboxIdParameter> -AccessRights <MailboxRights[]> -User <SecurityPrincipalIdParameter> [-Deny <SwitchParameter>] [-DomainController <Fqdn>] [-InheritanceType <None | All | Descendents | SelfAndChildren | Children>]
Remove-MailboxPermission [-Identity <MailboxIdParameter>] -Instance <MailboxAcePresentationObject> [-AccessRights <MailboxRights[]>] [-Deny <SwitchParameter>] [-DomainController <Fqdn>] [-InheritanceType <None | All | Descendents | SelfAndChildren | Children>] [-User <SecurityPrincipalIdParameter>]
Remove-MailboxPermission -Identity <MailboxIdParameter> [-DomainController <Fqdn>]
Detailed Description
This cmdlet allows you to remove permissions from a user's mailbox, for example removing full access to another user's mailbox.
To run the Remove-MailboxPermission cmdlet, the account you use must be delegated the following:
- Exchange Recipient Administrator role
In addition, the account you use may require additional permissions within Active Directory to perform certain operations. To make sure that you have the appropriate permissions, the account you use must be delegated the Account Operators permission in the domain where target mailbox-enabled account exists.
For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.
Parameters
| Parameter | Required | Type | Description |
|---|---|---|---|
AccessRights |
Required |
Microsoft.Exchange.Management.RecipientTasks.MailboxRights[] |
The AccessRights parameter specifies the rights that are required to perform the operation. Valid values include:
|
Identity |
Required |
Microsoft.Exchange.Configuration.Tasks.MailboxIdParameter |
The Identity parameter specifies the identity of the mailbox for which permission is required. |
Instance |
Required |
Microsoft.Exchange.Management.RecipientTasks.MailboxAcePresentationObject |
The Instance parameter enables you to pass an entire object to the command to be processed. It is mainly used in scripts where an entire object must be passed to the command. |
User |
Required |
Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter |
The User parameter specifies the user mailbox that will get permissions added. |
Deny |
Optional |
System.Management.Automation.SwitchParameter |
The Deny parameter denies permissions to the user on the Active Directory object. |
DomainController |
Optional |
Microsoft.Exchange.Data.Fqdn |
To specify the fully qualified domain name of the domain controller that retrieves data from Active Directory, include the DomainController parameter in the command. |
InheritanceType |
Optional |
System.DirectoryServices.ActiveDirectorySecurityInheritance |
The InheritanceType parameter specifies whether permissions are inherited to folders within the mailbox. |
Input Types
Return Types
Errors
| Error | Description |
|---|---|
Exceptions
| Exceptions | Description |
|---|---|
Example
This example will remove user Test2's full access rights to Test1's mailbox.
Remove-MailboxPermission -Identity Test1 -User Test2 -AccessRight FullAccess -InheritanceType All