Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-11-13

Use the Add-MailboxPermission cmdlet to add permissions to a mailbox.

Syntax

Add-MailboxPermission -Identity <MailboxIdParameter> -AccessRights <MailboxRights[]> -User <SecurityPrincipalIdParameter> [-AutoMapping <$true | $false>] [-Confirm [<SwitchParameter>]] [-Deny <SwitchParameter>] [-DomainController <Fqdn>] [-IgnoreDefaultScope <SwitchParameter>] [-InheritanceType <None | All | Descendents | SelfAndChildren | Children>] [-WhatIf [<SwitchParameter>]]
Add-MailboxPermission -Identity <MailboxIdParameter> -Owner <SecurityPrincipalIdParameter> [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-IgnoreDefaultScope <SwitchParameter>] [-WhatIf [<SwitchParameter>]]
Add-MailboxPermission [-Identity <MailboxIdParameter>] -Instance <MailboxAcePresentationObject> [-AccessRights <MailboxRights[]>] [-AutoMapping <$true | $false>] [-Confirm [<SwitchParameter>]] [-Deny <SwitchParameter>] [-DomainController <Fqdn>] [-IgnoreDefaultScope <SwitchParameter>] [-InheritanceType <None | All | Descendents | SelfAndChildren | Children>] [-User <SecurityPrincipalIdParameter>] [-WhatIf [<SwitchParameter>]]

Detailed Description

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Permissions and delegation" entry in the Mailbox Permissions topic.

Parameters

Parameter Required Type Description

Identity

Required

Microsoft.Exchange.Configuration.Tasks.MailboxIdParameter

The Identity parameter specifies the identity of the mailbox that's getting permissions added.

This parameter accepts the following values:

  • Alias

    Example: JPhillips

  • Canonical DN

    Example: Atlanta.Corp.Contoso.Com/Users/JPhillips

  • Display Name

    Example: Jeff Phillips

  • Distinguished Name (DN)

    Example: CN=JPhillips,CN=Users,DC=Atlanta,DC=Corp,DC=contoso,DC=com

  • Domain\Account

    Example: Atlanta\JPhillips

  • GUID

    Example: fb456636-fe7d-4d58-9d15-5af57d0354c2

  • Immutable ID

    Example: fb456636-fe7d-4d58-9d15-5af57d0354c2@contoso.com

  • Legacy Exchange DN

    Example: /o=Contoso/ou=AdministrativeGroup/cn=Recipients/cn=JPhillips

  • SMTP Address

    Example: Jeff.Phillips@contoso.com

  • User Principal Name

    Example: JPhillips@contoso.com

AccessRights

Required

Microsoft.Exchange.Management.RecipientTasks.MailboxRights[]

The AccessRights parameter specifies the rights needed to perform the operation. Valid values include:

  • FullAccess

  • SendAs

  • ExternalAccount

  • DeleteItem

  • ReadPermission

  • ChangePermission

  • ChangeOwner

Instance

Required

Microsoft.Exchange.Management.RecipientTasks.MailboxAcePresentationObject

The Instance parameter is no longer used and will be deprecated.

Owner

Required

Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter

The Owner parameter specifies the owner of the mailbox object.

User

Required

Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter

The User parameter specifies the user mailbox that the permissions are being granted to on the other mailbox.

AutoMapping

Optional

System.Boolean

The Automapping parameter specifies whether to ignore the auto-mapping feature in Outlook. If a user is granted Full Access permissions to another user's mailbox or to a shared mailbox, Outlook, through Autodiscover, automatically loads all mailboxes to which the user has full access. This parameter accepts $true or $false values. For more information about auto-mapping, see Disable Outlook Auto-Mapping with Full Access Mailboxes.

Confirm

Optional

System.Management.Automation.SwitchParameter

The Confirm switch can be used to suppress the confirmation prompt that appears by default when this cmdlet is run. To suppress the confirmation prompt, use the syntax -Confirm:$False. You must include a colon ( : ) in the syntax.

Deny

Optional

System.Management.Automation.SwitchParameter

The Deny switch specifies whether to deny permissions to the user on the mailbox.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory.

IgnoreDefaultScope

Optional

System.Management.Automation.SwitchParameter

The IgnoreDefaultScope parameter instructs the command to ignore the default recipient scope setting for the Exchange Management Shell session and use the entire forest as the scope. This allows the command to access Active Directory objects that aren't currently in the default scope. Using the IgnoreDefaultScope parameter introduces the following restrictions:

  • You can't use the DomainController parameter. The command uses an appropriate global catalog server automatically.

  • You can only use the DN for the Identity parameter. Other forms of identification, such as alias or GUID, aren't accepted.

InheritanceType

Optional

System.DirectoryServices.ActiveDirectorySecurityInheritance

The InheritanceType parameter specifies whether permissions are inherited by folders within the mailbox.

WhatIf

Optional

System.Management.Automation.SwitchParameter

The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.

Examples

EXAMPLE 1

This example grants Kevin Kelly full access to Ellen Adam's mailbox.

Note:
The Identity parameter requires the full name of the user to be enclosed in quotation marks (").
Copy Code
Add-MailboxPermission -Identity "Ellen Adams" -User KevinKelly -AccessRights FullAccess -InheritanceType All

EXAMPLE 2

This example sets Tony Smith as the owner of the resource mailbox Room 222.

Copy Code
Add-MailboxPermission -Identity "Room 222" -Owner "Tony Smith" 

EXAMPLE 3

This example grants the user Mark Steele Full Access permission to Jeroen Cool’s mailbox and disables the auto-mapping feature.

Copy Code
Add-MailboxPermission -Identity JeroenC -User 'Mark Steele' -AccessRight FullAccess -InheritanceType All -Automapping $false