Wednesday, August 1, 2012

How to Grant Mailbox Rights to another user



How to Grant Mailbox Rights to another user

  1. Open Active Directory Users and Computers.
  2. On the Menu, select "View".
  3. On the dropdown selections, select "Advanced Features" so they are checked and turned on.
  4. Either double click the user whose mailbox you want someone else to have access to or right click the user and select "Properties". A user properties dialog box will appear.
  5. Select the "Exchange Advanced" tab.

  1. Click the "Mailbox Rights" button. A mailbox permissions dialog box will appear. 
  2. Add the users that you want to have access to the mailbox. Permissions that can be given each user include:
    • Delete mailbox storage - Allows the users with this permission the ability to delete the mailbox from the Exchange System store.
    • Read permissions - Allows the users with this permission the ability to view the permissions for this mailbox.
    • Change permissions - Allows the users with this permission the ability to change the permissions for this mailbox.
    • Take ownership - Allows the users with this permission the ability to take ownership of the mailbox.
    • Full mailbox access - Allows the users with this permission the ability to read and write to the mailbox which includes reading e-mail, deleting e-mail, sending e-mail, and adding notes and other items to the mailbox.
    • Associated external account - This is used to identify a user that is not included in the Active Directory forest. This shows the associated external account as the mailbox owner.
    As a minimum, full mailbox access will be required to grant mailbox rights. Click OK to exit the permissions dialog box. If you need no further permissions assigned to that user click OK to exit the user properties dialog box.
    How to give users account access. Click on the security tab of the user properties dialog box.

    Permissions we grant (Items in bold are set to allow):
    • Full control
    • Read
    • Write
    • Create All Child Objects
    • Delete All Child Objects
    • Change Password
    • Receive As
    • Reset Password
    • Send As
    • Read Phone and Mail Options
    • Write Phone and Mail Options
    • Read General Information
    • Write General Information
    • Read Group Membership
    • Write Group Membership
    • Read Personal Information
    • Write Personal Information
    • Read Public Information
    • Write Public Information
    • Read Remove Access Information
    • Write Remove Access Information
    • Read Account Restrictions
    • Write Account Restrictions
    • Read Logon Information
    • Write Logon Information
    • Read Web Information
    • Write Web Information
Our way to configure is that:
  1. The general account (security account) has rights to person's mailbox.
  2. The general account (security account) has rights to the person's account (in security tab of account properties)
  3. The person has rights to the general account (security account). Rights as listed above are done with the exception of the below which are NOT granted:
    • Change Password
    • Receive As
    • Reset Password
  4. The person needs rights to the general account mailbox with "Full mailbox access" rights.

No comments:

Post a Comment