How to set Delegate Access Rights for Microsoft Exchange 2007 - 2010 & Office 365

Last update:
Created :
Written by Thomas Speekenbrink

Overview:

The created domain user (SyncUser) is being used to access the Exchange folders for the synchronization users. There are 2 methods to set the correct access rights for the newly created domain user.

Method 1 (Recommended) is the recommended method to use, when using this method no further actions are required when new Exchange users are added. (Note: This can not be used for Office 365).

Method 2 can be used from the Exchange Management Shell. This method has no graphical user interface. (Note: This can also be used for Office 365).

How to:

Method 1 (Recommended)

Give the newly created user full access rights to the Exchange mail store. Please follow the steps as described below.

  • Start the Microsoft Exchange Management Console

  • Expand Microsoft Exchange On-Premise expand Recipient Configuration

  • The Manage Full Access Permission wizard opens
  • Click Add; In the Select User or Group, select the user to which you want to grant the Full Access.

 

  • Press Manage.

  • The user rights will be applied as you can see in the Completion page, the Summary states whether the Full Access permission was successfully granted. The summary also displays the Exchange Management Shell command that was used to grant the Full Access permission
  • Press Finish to add the user rights to the mailbox store

NOTE: Full Access permissions are not granted until the Microsoft Exchange Information Store Service caches the permissions and updates the cache. To grant the permissions immediately, stop and then restart the Microsoft Exchange Information Store Service.

Method 2

Give the new created domain user access rights to each individual synchronization user or to all users. Please follow the steps as described below.

  • Start the Microsoft Exchange Management Shell.

  • In the Exchange Management Shell you need to enter the following command line to set the rights per user:
  • Add-MailboxPermission “Mailbox” –User “Trusted User” –AccessRights FullAccess

EXAMPLE: Add-MailboxPermission “SyncUser” -User “SyncUser” – AccessRights FullAccess 

  • When the command has completed successfully the shell windows looks like this:

  • In the Exchange Management Shell you need to enter the following command line to set the rights for all users
  • Get-MailboxDatabase | Add-ADPermission -User "YOURDOMAIN\SyncUser" -AccessRights GenericAll

EXAMPLE: Get-MailboxDatabase |Add-ADPermission -User ”YOURDOMAIN\SyncUser” -AccessRights GenericAll

NOTE: Full Access permissions are not granted until the Microsoft Exchange Information Store Service caches the permissions and updates the cache. To grant the permissions immediately, stop and then restart the Microsoft Exchange Information Store Service.