How to configure Delegation Access for Exchange 2007 / 2010 On Premise

Last update:
Created :
Written by Thomas Speekenbrink

Overview:

This article will describe how to set Delegation access rights on Exchange 2007 & Exchange 2010 On Premise.

How to:

Mailbox Permissions

When security policies dictate that full access permissions can only be granted to specific mailboxes, use the Add-MailboxPermission. This is an Exchange permission that is restricted to mailboxes only.

This permission in not inheritable, so it cannot be assigned to Storage Servers, Storage Groups, or Storage Databases. A Windows Powershell script can be used in EMS to apply this permission when a mailbox is created, or to bulk assign the permission to multiple mailboxes.

Add-MailboxPermission - In the Exchange Management Shell run the following command to grant full access permissions for a single mailbox:

  • Add-MailboxPermission -Identity "targetmailbox" -User "Trusted User" -AccessRights FullAccess
  • Add-MailboxPermission -Identity "jdoe" -User "DOMAIN\syncuser" -AccessRights FullAccess

To confirm that what permissions are assigned to a mailbox:

  • Get-MailboxPermission -Identity "targetmailbox" | Format-List
  • Get-MailboxPermission -Identity “jdoe” | Format-List

Powershell Command Generator

For ease of use, we have also created an Powershell Command Generator, which might aid in searching for the correct command to execute.