Del via


Add-MailboxPermission (RTM)

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

 

Applies to: Exchange Server 2007

Use the Add-MailboxPermission cmdlet to add permissions to a mailbox.

Syntax

Add-MailboxPermission -Identity <MailboxIdParameter> -AccessRights <MailboxRights[]> -User <SecurityPrincipalIdParameter> [-Deny <SwitchParameter>] [-DomainController <Fqdn>] [-InheritanceType <None | All | Descendents | SelfAndChildren | Children>]

Add-MailboxPermission -Identity <MailboxIdParameter> -Owner <SecurityPrincipalIdParameter> [-DomainController <Fqdn>]

Add-MailboxPermission [-Identity <MailboxIdParameter>] -Instance <MailboxAcePresentationObject> [-AccessRights <MailboxRights[]>] [-Deny <SwitchParameter>] [-DomainController <Fqdn>] [-InheritanceType <None | All | Descendents | SelfAndChildren | Children>] [-User <SecurityPrincipalIdParameter>]

Detailed Description

This cmdlet allows you to grant permissions to a mailbox, for example, granting a user full access to another user's mailbox.

To run the Add-MailboxPermission cmdlet, the account you use must be delegated, at minimum, the following permission on the server where the mailbox resides:

  • Exchange Server Administrator or Exchange Organization Administrator

In addition, the account you use may require additional permissions within Active Directory to perform certain operations. To make sure that you have the appropriate permissions, the account you use must be delegated the Account Operators permission in the domain where target mailbox-enabled account exists.

For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.

Parameters

Parameter Required Type Description

AccessRights

Required

Microsoft.Exchange.Management.RecipientTasks.MailboxRights[]

The AccessRights parameter specifies the rights needed to perform the operation. Valid values include:

  • FullAccess

  • SendAs

  • ExternalAccount

  • DeleteItem

  • ReadPermission

  • ChangePermission

  • ChangeOwner

Identity

Required

Microsoft.Exchange.Configuration.Tasks.MailboxIdParameter

The Identity parameter specifies the identity of the mailbox that is getting permissions added.

Note

The Identity parameter requires the full name of the user in quotation marks.

Instance

Required

Microsoft.Exchange.Management.RecipientTasks.MailboxAcePresentationObject

The Instance parameter enables you to pass an entire object to the command to be processed. It is mainly used in scripts where an entire object must be passed to the command.

Owner

Required

Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter

The Owner parameter specifies the owner of that mailbox object.

User

Required

Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter

The User parameter specifies the user mailbox that the permissions are being granted to on the other mailbox.

Deny

Optional

System.Management.Automation.SwitchParameter

The Deny parameter denies permissions to the user on the mailbox.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

To specify the fully qualified domain name of the domain controller that retrieves data from the Active Directory directory service, include the DomainController parameter in the command.

InheritanceType

Optional

System.DirectoryServices.ActiveDirectorySecurityInheritance

Use this parameter to specify whether permissions are inherited to folders within the mailbox.

Input Types

Return Types

Errors

Error Description

Exceptions

Exceptions Description

Example

This example will grant Ted Bremer full access to Ellen Adam's mailbox.

Note

The Identity parameter requires the full name of the user in quotation marks.

Add-MailboxPermission -Identity "Ellen Adams" -User TedBrem -Accessright Fullaccess -InheritanceType all