Export (0) Print
Expand All

Add-MailboxPermission

Applies to: Exchange Server 2010

Topic Last Modified: 2011-03-19

Use the Add-MailboxPermission cmdlet to add permissions to a mailbox.


Add-MailboxPermission -Identity <MailboxIdParameter> -AccessRights <MailboxRights[]> -User <SecurityPrincipalIdParameter> [-Confirm [<SwitchParameter>]] [-Deny <SwitchParameter>] [-DomainController <Fqdn>] [-IgnoreDefaultScope <SwitchParameter>] [-InheritanceType <None | All | Descendents | SelfAndChildren | Children>] [-WhatIf [<SwitchParameter>]]


Add-MailboxPermission -Identity <MailboxIdParameter> -Owner <SecurityPrincipalIdParameter> [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-IgnoreDefaultScope <SwitchParameter>] [-WhatIf [<SwitchParameter>]]


Add-MailboxPermission [-Identity <MailboxIdParameter>] -Instance <MailboxAcePresentationObject> [-AccessRights <MailboxRights[]>] [-Confirm [<SwitchParameter>]] [-Deny <SwitchParameter>] [-DomainController <Fqdn>] [-IgnoreDefaultScope <SwitchParameter>] [-InheritanceType <None | All | Descendents | SelfAndChildren | Children>] [-User <SecurityPrincipalIdParameter>] [-WhatIf [<SwitchParameter>]]

Parameter Required Type Description

AccessRights

Required

Microsoft.Exchange.Management.RecipientTasks.MailboxRights[]

The AccessRights parameter specifies the rights needed to perform the operation. Valid values include:

  • FullAccess
  • SendAs
  • ExternalAccount
  • DeleteItem
  • ReadPermission
  • ChangePermission
  • ChangeOwner

Identity

Required

Microsoft.Exchange.Configuration.Tasks.MailboxIdParameter

The Identity parameter specifies the identity of the mailbox that's getting permissions added. You can use the following values:

  • Alias
  • Display name
  • Domain\Account
  • SMTP address
  • Distinguished name (DN)
  • Object GUID
  • User principal name (UPN)
  • LegacyExchangeDN

Instance

Required

Microsoft.Exchange.Management.RecipientTasks.MailboxAcePresentationObject

The Instance parameter is no longer used and will be deprecated.

Owner

Required

Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter

The Owner parameter specifies the owner of the mailbox object.

User

Required

Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter

The User parameter specifies the user mailbox that the permissions are being granted to on the other mailbox.

Confirm

Optional

System.Management.Automation.SwitchParameter

The Confirm switch can be used to suppress the confirmation prompt that appears by default when this cmdlet is run. To suppress the confirmation prompt, use the syntax -Confirm:$False. You must include a colon ( : ) in the syntax.

Deny

Optional

System.Management.Automation.SwitchParameter

The Deny switch specifies whether to deny permissions to the user on the mailbox.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory.

IgnoreDefaultScope

Optional

System.Management.Automation.SwitchParameter

The IgnoreDefaultScope parameter instructs the command to ignore the default recipient scope setting for the Exchange Management Shell session and use the entire forest as the scope. This allows the command to access Active Directory objects that aren't currently in the default scope. Using the IgnoreDefaultScope parameter introduces the following restrictions:

  • You can't use the DomainController parameter. The command uses an appropriate global catalog server automatically.
  • You can only use the DN for the Identity parameter. Other forms of identification, such as alias or GUID, aren't accepted.

InheritanceType

Optional

System.DirectoryServices.ActiveDirectorySecurityInheritance

The InheritanceType parameter specifies whether permissions are inherited by folders within the mailbox.

WhatIf

Optional

System.Management.Automation.SwitchParameter

The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Permissions and delegation" entry in the Mailbox Permissions topic.

Error Description

Exceptions Description

This example grants Kevin Kelly full access to Ellen Adam's mailbox.

Bb124097.note(en-us,EXCHG.140).gifNote:
The Identity parameter requires the full name of the user to be enclosed in quotation marks (").
Add-MailboxPermission -Identity "Ellen Adams" -User KevinKelly -AccessRights FullAccess -InheritanceType All

This example grants Ayla Kol read permission to Tony Smith's mailbox.

Add-MailboxPermission -Identity "Tony Smith" -User "Ayla Kol" -AccessRights ReadPermission

This example sets Tony Smith as the owner of the resource mailbox Room 222.

Add-MailboxPermission -Identity "Room 222" -Owner "Tony Smith" 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft