I have Exchange 2010 SP2 installed.
I started with this post here: theessentialexchange.com/blogs/michael/archive/2009/09/29/exchange-server-2010-administrative-access-to-all-mailboxes.aspx
I ran the command in question to provide “Receive-As” permissions. One thing I didn't understand is that it talks about giving full rights permissions, yet it only shows giving "Receive-As", which doesn’t seem the same. But I decided to follow the instructions anyway.
Now, by default--BEFORE running the command below--when I created a new user these accounts were given Full-Rights Permissions by default:
NT AUTHORITY\SELF
NT AUTHORITY\SYSTEM
DOMAIN\CRMMail (an account we set up)
DOMAIN\Exchange Domain Servers
DOMAIN\Exchange Servers
DOMAIN\Exchange Trusted Subsystem
I followed the blog and ran this set of commands:
$principal = "DOMAIN\xchadm"
$identity = "CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=DOMAIN,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local"
Add-AdPermission -Identity $identity -User $principal -InheritedObjectType msExchPrivateMDB -extendedRights Receive-As -inheritanceType Descendents
It responded with the user and Deny: False and Inherit: False
After doing that, not only did the user “xchadm” not show up on existing users’ accounts, but now when I add a new mailbox only the account “NT AUTHORITY\SELF” is applied and no others.
This is a major problem as I am adding users all the time. I can manually give the domain accounts full rights access but I can’t (with the GUI) give NT AUTHORITY\SYSTEM that I can see. So, there isn’t an easy work-around to this problem until I get it fixed.
Do you have any idea why this failed and what I can do to fix it?
This is what I have done so far:
I found this post: msundis.wordpress.com/2011/06/21/manage-full-access-permissions-on-mailboxes-in-exchange-2010/
It talks about several things including the blog post's method. At the end it shows the ADSIEdit method. I went into there and found the xchadm user in there but it had no rights. I gave it full control rights and restarted the information store service but that hasn’t fixed anything.
I don’t know what to do and I’m kinda freaking out.
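
An added example, not part of the original post: a read-only check, run from the Exchange Management Shell, that lists the entries the Add-AdPermission call and the ADSIEdit change left for the principal on the Databases container and on each mailbox database, then compares one mailbox's permissions with the accounts the post lists as expected. `$mailbox` is a placeholder, and `$principal`, `$identity` and the `$expected` list are copied from the post.

```powershell
# Added example: read-only audit, nothing here changes permissions.
$principal = "DOMAIN\xchadm"
$identity  = "CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=DOMAIN,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local"
$mailbox   = "PLACEHOLDER-mailbox-alias"   # placeholder: a newly created mailbox
$expected  = "NT AUTHORITY\SELF", "NT AUTHORITY\SYSTEM", "DOMAIN\CRMMail",
             "DOMAIN\Exchange Domain Servers", "DOMAIN\Exchange Servers",
             "DOMAIN\Exchange Trusted Subsystem"   # list as given in the post

# 1. Entries for the principal on the Databases container itself.
#    Shows both the Receive-As extended right and any rights set via ADSIEdit.
Write-Host "== ACEs for $principal on the Databases container =="
Get-ADPermission -Identity $identity |
    Where-Object { $_.User.ToString() -eq $principal } |
    Format-List User, AccessRights, ExtendedRights, InheritedObjectType,
                InheritanceType, IsInherited, Deny |
    Out-Host

# 2. The same principal on every mailbox database, to see whether the
#    entry was inherited by the msExchPrivateMDB objects below the container.
Write-Host "== ACEs for $principal on each mailbox database =="
Get-MailboxDatabase | ForEach-Object {
    $db = $_
    Get-ADPermission -Identity $db.DistinguishedName |
        Where-Object { $_.User.ToString() -eq $principal } |
        Select-Object @{ n = 'Database'; e = { $db.Name } },
                      User, ExtendedRights, AccessRights, IsInherited, Deny
} | Format-Table -AutoSize | Out-Host

# 3. Mailbox-level permissions on one mailbox, compared with the expected list.
Write-Host "== Mailbox permissions on $mailbox =="
$actual = @(Get-MailboxPermission -Identity $mailbox)
$actual | Format-Table User, AccessRights, IsInherited, Deny -AutoSize | Out-Host

$present = $actual | ForEach-Object { $_.User.ToString() }
$missing = $expected | Where-Object { $present -notcontains $_ }
if ($missing) {
    Write-Host "Expected accounts not present on ${mailbox}:"
    $missing | ForEach-Object { Write-Host "  $_" }
} else {
    Write-Host "All expected accounts are present on $mailbox."
}
```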