MAPI Permissions
The MAPI permission requirements for Exchange Server 2010 and 2013 are:
• Administer information store
Note It is not possible to assign permissions at the server level because inheritance to the store level cannot be enabled on Microsoft Exchange Server 2010 or 2013.
To assign an account the required Microsoft Exchange Server permissions, follow these steps:
1. Open the Exchange Management Shell and connect to Exchange Server.
2. Type the following line, and then press ENTER:
Get-MailboxDatabase <MailboxDatabase> | Add-ADPermission -User <Account> -AccessRights GenericRead, GenericWrite -ExtendedRights ms-Exch-Store-Admin
where <MailboxDatabase> is the name of the mailbox database and <Account> is the name of the account to which the permissions will be assigned. If <MailboxDatabase> is omitted, the rights will be assigned to all databases in your organisation.
Important When a new mailbox database is created, step 2 must be repeated.
3. Type the following line, and then press ENTER:
Get-PublicFolderDatabase <PublicFolderDatabase> | Add-ADPermission -User <Account> -AccessRights GenericRead, GenericWrite -ExtendedRights ms-Exch-Store-Admin
where <PublicFolderDatabase> is the name of the Public Folder database and <Account> is the name of the account to which the permissions will be assigned. If <PublicFolderDatabase> is omitted, the rights will be assigned to all Public Folder databases in your organisation.
Important When a new Public Folder database is created, step 3 must be repeated.
Note Any account that is a member of the Domain Admins group and none of the Exchange security groups will already have the necessary permissions.
Exchange Web Services (EWS) Permissions
The EWS permission requirements for Exchange Server 2010 and 2013 are:
• Application Impersonation
To assign the service account the required Exchange Server permissions, follow these steps:
1. Open the Exchange Management Shell and connect to Exchange Server.
2. Type the following line, and then press ENTER:
New-ManagementRoleAssignment -Role ApplicationImpersonation -User <Account>
where <Account> is the name of the service account to which the required role will be assigned.
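To check the result of the MAPI and EWS steps above, the following added example (not part of the original documentation) reports databases where the account lacks the ms-Exch-Store-Admin right and lists who holds ApplicationImpersonation. The account name and the helper function Test-StoreAdminRight are assumptions made for illustration.

```powershell
# Added example, not from the original documentation.
# Run in the Exchange Management Shell. The account name is a constructed placeholder.
$Account = 'CONTOSO\svc-mapi'

# Hypothetical helper: does $User hold an Allow ACE with ms-Exch-Store-Admin on $Database?
function Test-StoreAdminRight {
    param($Database, [string]$User)
    $ace = Get-ADPermission -Identity $Database.DistinguishedName -User $User -ErrorAction SilentlyContinue |
        Where-Object { -not $_.Deny -and $_.ExtendedRights -like 'ms-Exch-Store-Admin' }
    # New-Object is used instead of [pscustomobject] so this also runs on PowerShell 2.0
    New-Object PSObject -Property @{
        Database      = $Database.Name
        HasStoreAdmin = [bool]$ace
    }
}

# MAPI steps 2 and 3: list databases where the right is missing, for example
# databases created after the Add-ADPermission commands were last run.
$databases = @(Get-MailboxDatabase) + @(Get-PublicFolderDatabase)
$databases |
    ForEach-Object { Test-StoreAdminRight -Database $_ -User $Account } |
    Where-Object { -not $_.HasStoreAdmin } |
    Format-Table Database, HasStoreAdmin -AutoSize

# EWS step 2: every principal that can impersonate, and over which recipients.
Get-ManagementRoleAssignment -Role ApplicationImpersonation -GetEffectiveUsers |
    Select-Object Name, EffectiveUserName, RecipientWriteScope, CustomRecipientWriteScope |
    Format-Table -AutoSize
```

An empty first table means the account holds the right on every database. A RecipientWriteScope of Organization in the second table means the assignment covers all mailboxes.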