Applies to: Exchange Server 2007 SP3, Exchange Server
2007 SP2, Exchange Server 2007 SP1
Topic Last Modified: 2009-08-19
Use the Add-MailboxPermission cmdlet to add permissions to a mailbox.
Syntax
Add-MailboxPermission -Identity
<MailboxIdParameter> -AccessRights <MailboxRights[]>
-User <SecurityPrincipalIdParameter> [-Confirm
[<SwitchParameter>]] [-Deny <SwitchParameter>]
[-DomainController <Fqdn>] [-InheritanceType <None | All |
Descendents | SelfAndChildren | Children>] [-WhatIf
[<SwitchParameter>]]
|
Add-MailboxPermission -Identity
<MailboxIdParameter> -Owner
<SecurityPrincipalIdParameter> [-Confirm
[<SwitchParameter>]] [-DomainController <Fqdn>]
[-WhatIf [<SwitchParameter>]]
|
Add-MailboxPermission [-Identity
<MailboxIdParameter>] -Instance
<MailboxAcePresentationObject> [-AccessRights
<MailboxRights[]>] [-Confirm [<SwitchParameter>]]
[-Deny <SwitchParameter>] [-DomainController <Fqdn>]
[-InheritanceType <None | All | Descendents | SelfAndChildren |
Children>] [-User <SecurityPrincipalIdParameter>] [-WhatIf
[<SwitchParameter>]]
|
Parameters
Parameter | Required | Type | Description | ||
---|---|---|---|---|---|
AccessRights |
Required |
Microsoft.Exchange.Management.RecipientTasks.MailboxRights[] |
The AccessRights parameter specifies the rights needed to perform the operation. Valid values include:
|
||
Identity |
Required |
Microsoft.Exchange.Configuration.Tasks.MailboxIdParameter |
The Identity parameter specifies the identity of the mailbox that is getting permissions added.
|
||
Instance |
Required |
Microsoft.Exchange.Management.RecipientTasks.MailboxAcePresentationObject |
The Instance parameter enables you to pass an entire object to the command to be processed. It is mainly used in scripts where an entire object must be passed to the command. |
||
Owner |
Required |
Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter |
The Owner parameter specifies the owner of that mailbox object. |
||
User |
Required |
Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter |
The User parameter specifies the user mailbox that the permissions are being granted to on the other mailbox. |
||
Deny |
Optional |
System.Management.Automation.SwitchParameter |
The Deny parameter denies permissions to the user on the mailbox. |
||
DomainController |
Optional |
Microsoft.Exchange.Data.Fqdn |
To specify the fully qualified domain name of the domain controller that retrieves data from the Active Directory directory service, include the DomainController parameter in the command. |
||
InheritanceType |
Optional |
System.DirectoryServices.ActiveDirectorySecurityInheritance |
This parameter is used to specify how far down the Active Directory object structure the “read” permissions are inherited. |
||
Confirm |
Optional |
System.Management.Automation.SwitchParameter |
The Confirm parameter causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You do not have to specify a value with the Confirm parameter. |
||
WhatIf |
Optional |
System.Management.Automation.SwitchParameter |
The WhatIf parameter instructs the command to simulate the actions that it would take on the object. By using the WhatIf parameter, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf parameter. |
Detailed Description
This cmdlet allows you to grant permissions to a mailbox, for example, granting a user full access to another user's mailbox.
To run the Add-MailboxPermission cmdlet, the account you use must be delegated, at minimum, the following on the server where the mailbox resides:
- Exchange Server Administrator or Exchange Organization
Administrator
In addition, the account you use may require additional permissions within Active Directory to perform certain operations. To make sure that you have the appropriate permissions, the account you use must be delegated the Account Operators permission in the domain where target mailbox-enabled account exists.
For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.
Input Types
Return Types
Errors
Error | Description |
---|---|
Exceptions
Exceptions | Description |
---|---|
Example
This example will grant Ted Bremer full access to Ellen Adam's mailbox.
Note: |
---|
The Identity parameter requires the full name of the user in quotation marks. |
Copy Code | |
---|---|
Add-MailboxPermission -Identity "Ellen Adams" -User TedBrem -Accessright Fullaccess -InheritanceType all |