Written by Thomas Speekenbrink
This article will describe how to set Delegation access rights on Exchange 2007 & Exchange 2010 On Premise.
When security policies dictate that full access permissions can only be granted to specific mailboxes, use the Add-MailboxPermission. This is an Exchange permission that is restricted to mailboxes only.
This permission in not inheritable, so it cannot be assigned to Storage Servers, Storage Groups, or Storage Databases. A Windows Powershell script can be used in EMS to apply this permission when a mailbox is created, or to bulk assign the permission to multiple mailboxes.
Add-MailboxPermission - In the Exchange Management Shell run the following command to grant full access permissions for a single mailbox:
- Add-MailboxPermission -Identity "targetmailbox" -User "Trusted User" -AccessRights FullAccess
- Add-MailboxPermission -Identity "jdoe" -User "DOMAIN\syncuser" -AccessRights FullAccess
To confirm that what permissions are assigned to a mailbox:
- Get-MailboxPermission -Identity "targetmailbox" | Format-List
- Get-MailboxPermission -Identity “jdoe” | Format-List
Powershell Command Generator
For ease of use, we have also created an Powershell Command Generator, which might aid in searching for the correct command to execute.