Exchange 2013 & Online, Grand Full Access to Mailboxes

You can easily provide Full Access Permissions using the GUI, just Edit the mailbox you want, go to Mailbox Delegation and provide Full Access. Both Exchange 2013 and Online is the same. But if you have to provide Full Access massively then you need PowerShell.

The command for a single user is:

Add-MailboxPermission -Identity "employee" -User "manager" -AccessRights FullAccess

with this command user “manager” will be granded with Full Access permissions to user “employee”

Now lets see how the user “manager” can take Full Access to many users, lets say “all Sales department”. The steps are two, first we need to query the “Sales Department” users and then we need to pipeline it to provide access to user “manager”
example 1: Using Active Directory OU container

get-mailbox -OrganizationalUnit domain.local/users/salesdpt | Add-MailboxPermission -User "manager" -AccessRights FullAccess

example 2: Using a txt list. As usual create a txt file and make a per-line list with title “employee” like this:
employee
username1
username2
username3
Save it as c:access.txt and then run this command:

Import-CSV c:access.txt | Foreach { Add-MailboxPermission -User "manager" -AccessRights FullAccess }

To view the permission change the “Add-MailboxPermission” with “Get-MailboxPermission”

To remove the permission change the “Add-MailboxPermission” with “Remove-MailboxPermission”

Just a final addition, when you provide Full Access permission to a user, at my example the “manager”, Outlook auto-maps the accounts that the manager gains access. So the next time he will open outlook, all mailboxes will be visible. You can force to don’t auto-map by adding -AutoMapping:$false at the end of the script, like this:

Add-MailboxPermission -Identity "employee" -User "manager" -AccessRights FullAccess -AutoMapping:$false

Be careful: with great power comes great responsibility!

Share

Leave a Reply

Your email address will not be published. Required fields are marked *

12 − 6 =