Exchange Server Share

… Information sharing on Exchange Server …

FAQ: Access on All the Mailboxes of a Server – Exchange 2007

How to give permission to access all the mailboxes of a mailbox database or a server in Exchange 2007?

You can open and read the content of mailbox if you have Full Mailbox Access or Receive As permission on it.

Sometimes auditor, HR person or some application wants access on all the mailboxes of a database or a server, in that case you can assign Receive As permission at mailbox database level for a user/group which grants access to logon to all the mailboxes.

Reference: How to Allow Mailbox Access



Let’s say, I need to give access to open all the mailboxes of a server “ESS-Exch702″ to a user “Auditor”.

We can give Receive-As permission on all the mailbox databases of a server with blow command.

Get-MailboxDatabase -Server “ESS-Exch702” | Add-ADPermission -User “Auditor” -ExtendedRights Receive-As


Note: The configuration change does not take effect until store cache is refreshed, which is by default two hours interval or for immediate effect we can restart Exchange Information Store service.


After giving Receive-As permission to Auditor on ESS-Exch702 server, it can open all the mailboxes which are available on it.


If you want to give access to open all the mailboxes of just a database then you can run below command.

Get-MailboxDatabase -Identity “Name Of Database” | Add-ADPermission -User “Auditor” -ExtendedRights Receive-As

You can not Send As a mail on behalf of mailbox even though you have Full Mailbox access or Receive As permission and for that you need to assign Send As permission.


Written by Amit Tank

September 5, 2008 at 2:17 pm

5 Responses

Subscribe to comments with RSS.

  1. […] FAQ: Access on All the Mailboxes of a Server – Exchange 2007 […]

  2. Interesting post.

    However, this isn’t actually meant to work. After months of working on a PS case with Microsoft, they actually admitted that this is a flaw with Outlook (i.e. a bug) and will be fixed in future releases.

    Basically there is a inherited Deny permission for all users, stopping you from “blanket” full-access permission setting. You can see this if you use OWA, and try to access another mailbox after running this command.

    So sadly, it will stop working sooner rather than later!

    Damn you MS!


    September 12, 2008 at 12:23 pm

  3. Yes I agree, we need to give Full Mailbox access expectedly to user who wants to open mailbox with OWA.

    Access permission which is given by this procedure doesn’t work while opening mailbox in OWA.

    Amit Tank

    September 12, 2008 at 5:27 pm

  4. Would you know the solution so another mbx can be accessed via OWA? I get a permission denied in the stack message even though I have full access.


    September 12, 2008 at 9:25 pm

  5. Hi Paul,

    You need to give full mailbox access on the mailbox explicitly to the user to access via OWA.

    Example: Below command gives full access to the mailbox named TestA to the user named TestB, so user TestB can access TestA mailbox via Outlook Web Access.

    Add-MailboxPermission -identity TestA -User TestB -AccessRights FullAccess

    Reference: How to Enable Explicit Logons in Outlook Web Access

    You can run below command to give Full access to user TestB on all the mailboxes of a server “ESS-Exch702” hence user TestB can access all the mailboxes via OWA.

    Get-Mailbox -Server “ESS-Exch702″ | Add-MailboxPermission -User TestB -AccessRights FullAccess

    But this command gives permission to all existing mailboxes of server “ESS-Exch702” and it doesn’t apply on the new mailboxes and you need to run it again for the mailboxes which are created after running this.

    Amit Tank

    September 13, 2008 at 1:42 pm

Comments are closed.

%d bloggers like this: