Symprex Folder Permissions Manager, v7.0.0

Permissions for Exchange Server 2010 and Higher

MAPI Permissions

 

The MAPI permission requirements for Exchange Server 2010 and higher are:

 

Administer information store

 

Note It is not possible to assign permissions at the server level because inheritance to the store level cannot be enabled on Microsoft Exchange Server 2010 or 2013.

 

To assign an account the required Microsoft Exchange Server permissions, follow these steps:

 

1.Open the Exchange Management Shell and connect to Exchange Server.
 

2.Type the following line, and then press ENTER:
 
Get-MailboxDatabase <MailboxDatabase> | Add-ADPermission -User <Account> -AccessRights GenericRead, GenericWrite -ExtendedRights ms-Exch-Store-Admin
 
where <MailboxDatabase> is the name of the mailbox database and <Account> is the name of the  account to which the permissions will be assigned. If <MailboxDatabase> is omitted, the rights will be assigned to all databases in your organisation.

 

Important When a new mailbox database is created, step 2 must be repeated.

 

3.Type the following line, and then press ENTER:
 
Get-PublicFolderDatabase <PublicFolderDatabase> | Add-ADPermission -User <Account> -AccessRights GenericRead, GenericWrite -ExtendedRights ms-Exch-Store-Admin
 
where <PublicFolderDatabase> is the name of the Public Folder database and <Account>is the name of the account to which the permissions will be assigned. If <PublicFoldersDatabase> is omitted, the rights will be assigned to all Public Folder databases in your organisation.

 

Important When a new Public Folder database is created, step 3 must be repeated.

 

Note Any account that is a member of the Domain Admins group and none of the Exchange security groups will already have the necessary permissions.

 

 

Exchange Web Services (EWS) Permissions

 

The EWS permission requirements for Exchange Server 2010 and higher are:

 

Application Impersonation

 

To assign the service account the required Exchange Server permissions, follow these steps:

 

1.Open the Exchange Management Shell and connect to Exchange Server.
 

2.Type the following line, and then press ENTER:
 
New-ManagementRoleAssignment -Role ApplicationImpersonation -User <Account>
 
where <Account> is the name of the service account to which the required role will be assigned.

 


Copyright © 2016 Symprex Limited. All Rights Reserved.