5.23. Granting Users or Groups Permission to Access Other Mailboxes
Problem
You have a mailbox and need to allow either an additional user or a group of users to access information within it. This mailbox could either be a normal user mailbox or a resource mailbox, used to book a resource such as a conference room, audio/video equipment, or a company car.
Solution
Using a graphical user interface
Log on to any machine in your domain that has the Exchange management tools installed.
Open the ADUC snap-in (Users and Computers.msc).
Browse to the container that holds the target user account.
Ensure that the Advanced View is selected on the View menu.
Right-click the user account whose mailbox you want others to be able to access and click Properties.
Select the Exchange Advanced tab and click Mailbox Rights.
Click Add and select the users and groups you wish to have permissions to the mailbox. Click OK.
In the Allow column of the Permissions list, make sure Full mailbox access is checked. Click OK.
Click OK.
Discussion
The link between an AD user object and the actual mailbox in the
Exchange message store is contained in two places: the security
descriptor property on the actual mailbox database and the msExchMailboxSecurityDescriptor property in AD. The msExchMailboxSecurityDescriptor property is added to the AD user object by the Exchange schema updates; it holds a partial copy of the security descriptor on the actual mailbox. Modifying the AD property directly will not change the descriptor ...
Get Exchange Server Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
