Grant permissions on a single mailbox
Use the following command to grant access to just one mailbox for a single user:Add-MailboxPermission -Identity “” -User -AccessRights Fullaccess -InheritanceType all
Example:Add-MailboxPermission -Identity “Test” -User Administrator -AccessRights Fullaccess -InheritanceType all
Grant permissions on all mailboxes
Use the following command to grant access to all mailboxes for a single user:Get-Mailbox | Add-MailboxPermission -User -AccessRights Fullaccess -InheritanceType all
Example:Get-Mailbox | Add-MailboxPermission -User Administrator -AccessRights Fullaccess -InheritanceType all
Note: In the screenshot below I received a message saying that Administrator already have access to the mailbox Test (Yellow text message).
Grant permissions on mailboxes using Where
We might as well add a where to the command while we are at it. With this command we grant access to all mailboxes in a specific OU for a single user:
Get-Mailbox | Where { $_.OrganizationalUnit –eq “” } | Add-MailboxPermission -User -AccessRights Fullaccess -InheritanceType all
Example:Get-Mailbox | Where { $_.OrganizationalUnit –eq “sundis.local/Test/Users” } | Add-MailboxPermission -User Administrator -AccessRights Fullaccess -InheritanceType all
Remove permissions on a single mailbox
Quite simple, just change Add to Remove:Remove-MailboxPermission -Identity “” -User -AccessRights Fullaccess -InheritanceType all
Example:Remove-MailboxPermission -Identity ”Test” -User Administrator -AccessRights Fullaccess -InheritanceType all
Remove permissions on all mailboxes
Well you have probably figured this one out already, but I will show it to you anyway:Get-Mailbox | Remove-MailboxPermission -User -AccessRights Fullaccess -InheritanceType all
Example:Get-Mailbox | Remove-MailboxPermission -User Administrator -AccessRights Fullaccess -InheritanceType all
Note: As you can se below, using this command will remove the users full access to its own mailbox. That is not good, this command should be used with care…
As a final note: These commands only affects excisting mailboxes. The permissions will not be automatically applied to new mailboxes. To achieve this you can run the command as a scheduled script on a regular basis, once every night for example.
Use the following command to grant access to just one mailbox for a single user:Add-MailboxPermission -Identity “” -User -AccessRights Fullaccess -InheritanceType all
Example:Add-MailboxPermission -Identity “Test” -User Administrator -AccessRights Fullaccess -InheritanceType all
Grant permissions on all mailboxes
Use the following command to grant access to all mailboxes for a single user:Get-Mailbox | Add-MailboxPermission -User -AccessRights Fullaccess -InheritanceType all
Example:Get-Mailbox | Add-MailboxPermission -User Administrator -AccessRights Fullaccess -InheritanceType all
Note: In the screenshot below I received a message saying that Administrator already have access to the mailbox Test (Yellow text message).
Grant permissions on mailboxes using Where
We might as well add a where to the command while we are at it. With this command we grant access to all mailboxes in a specific OU for a single user:
Get-Mailbox | Where { $_.OrganizationalUnit –eq “” } | Add-MailboxPermission -User -AccessRights Fullaccess -InheritanceType all
Example:Get-Mailbox | Where { $_.OrganizationalUnit –eq “sundis.local/Test/Users” } | Add-MailboxPermission -User Administrator -AccessRights Fullaccess -InheritanceType all
Remove permissions on a single mailbox
Quite simple, just change Add to Remove:Remove-MailboxPermission -Identity “” -User -AccessRights Fullaccess -InheritanceType all
Example:Remove-MailboxPermission -Identity ”Test” -User Administrator -AccessRights Fullaccess -InheritanceType all
Remove permissions on all mailboxes
Well you have probably figured this one out already, but I will show it to you anyway:Get-Mailbox | Remove-MailboxPermission -User -AccessRights Fullaccess -InheritanceType all
Example:Get-Mailbox | Remove-MailboxPermission -User Administrator -AccessRights Fullaccess -InheritanceType all
Note: As you can se below, using this command will remove the users full access to its own mailbox. That is not good, this command should be used with care…
As a final note: These commands only affects excisting mailboxes. The permissions will not be automatically applied to new mailboxes. To achieve this you can run the command as a scheduled script on a regular basis, once every night for example.
