The first thing to consider, is how you will control access, will you add individual users, or a security group with users in it.
A security group is the most efficient and tidiest by far, therefore this post will assume you are using a security group.
Method one
The first option is to give the security group full access to all user mailboxes
Advantage
The permissions will follow the mailbox around when it is moved between databases
Disadvantage
You will have to apply the permission to all new users you create
To use this method, use the Exchange Management Shell (also known as Powershell or EMS)to get all the mailboxes in your organisation, and then pipe this into a command that set the permissions:
Add-PSSnapin Microsoft.Exchange.Management.Powershell.Admin -erroraction silentlyContinue
$userAccounts = get-mailbox -resultsize unlimited
ForEach ($user in $userAccounts)
{
add-MailboxPermission -identity $user -user “Your Security Group Name” -AccessRights FullAccess
}
Method two:
The second option is to apply the permissions to the exchange mailbox database, so all mailboxes within that database will inherit those permissions.
Advantage
All new users will automaticly inherit the permissions you set on the storage group
Disadvantage
If different permissions are set on different databases, when users are moved between databases they will not be subject to the permissions that were assigned to the original database.
Use EMS to run the following command
Add-ADPermission -identity YourDatabasename -user “Your Security Group Name” -AccessRights genericall
No comments:
Post a Comment