
Add-ADPermission (RTM)

 

Applies to: Exchange Server 2007

Topic Last Modified: 2007-06-11

Use the Add-ADPermission cmdlet to add permissions to an Active Directory directory service object.


Add-ADPermission -Identity <ADRawEntryIdParameter> -User <SecurityPrincipalIdParameter> [-AccessRights <ActiveDirectoryRights[]>] [-ChildObjectTypes <ADSchemaObjectIdParameter[]>] [-Deny <SwitchParameter>] [-DomainController <Fqdn>] [-ExtendedRights <ExtendedRightIdParameter[]>] [-InheritanceType <None | All | Descendents | SelfAndChildren | Children>] [-InheritedObjectType <ADSchemaObjectIdParameter>] [-Properties <ADSchemaObjectIdParameter[]>]


Add-ADPermission -Identity <ADRawEntryIdParameter> -Owner <SecurityPrincipalIdParameter> [-DomainController <Fqdn>]


Add-ADPermission [-Identity <ADRawEntryIdParameter>] -Instance <ADAcePresentationObject> [-AccessRights <ActiveDirectoryRights[]>] [-ChildObjectTypes <ADSchemaObjectIdParameter[]>] [-Deny <SwitchParameter>] [-DomainController <Fqdn>] [-ExtendedRights <ExtendedRightIdParameter[]>] [-InheritanceType <None | All | Descendents | SelfAndChildren | Children>] [-InheritedObjectType <ADSchemaObjectIdParameter>] [-Properties <ADSchemaObjectIdParameter[]>] [-User <SecurityPrincipalIdParameter>]

The Add-ADPermission cmdlet grants permissions on an Active Directory object; for example, it can modify an access control entry (ACE) on a server object.

To run the Add-ADPermission cmdlet, the account you use must be delegated the following:

  • Exchange Recipient Administrator role
  • Account Operator role for the applicable Active Directory containers

For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.

For more information about extended rights, see Permissions.

 

Parameter Required Type Description

Identity

Required

Microsoft.Exchange.Configuration.Tasks.ADRawEntryIdParameter

The Identity parameter specifies the identity of the object to which the permissions are added.

Note:
The Identity parameter requires the full name of the user in quotation marks.

Instance

Required

Microsoft.Exchange.Management.RecipientTasks.ADAcePresentationObject

The Instance parameter enables you to pass an entire object to the command to be processed. It is mainly used in scripts where an entire object must be passed to the command.

Owner

Required

Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter

The Owner parameter specifies the owner of the Active Directory object.

User

Required

Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter

The User parameter specifies the user to whom the permissions are being granted on the other mailbox.

AccessRights

Optional

System.DirectoryServices.ActiveDirectoryRights[]

The AccessRights parameter specifies the rights needed to perform the operation. Valid values include:

  • CreateChild
  • DeleteChild
  • ListChildren
  • Self
  • ReadProperty
  • WriteProperty
  • DeleteTree
  • ListObject
  • ExtendedRight
  • Delete
  • ReadControl
  • GenericExecute
  • GenericWrite
  • GenericRead
  • WriteDacl
  • WriteOwner
  • GenericAll
  • Synchronize
  • AccessSystemSecurity

ChildObjectTypes

Optional

Microsoft.Exchange.Configuration.Tasks.ADSchemaObjectIdParameter[]

The ChildObjectTypes parameter specifies the type of object that the permission applies to.

Deny

Optional

System.Management.Automation.SwitchParameter

The Deny parameter denies permissions to the user on the Active Directory object.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

To specify the fully qualified domain name (FQDN) of the domain controller that retrieves data from Active Directory, include the DomainController parameter in the command.

ExtendedRights

Optional

Microsoft.Exchange.Configuration.Tasks.ExtendedRightIdParameter[]

The ExtendedRights parameter specifies the extended rights needed to perform the operation. Valid values include:

  • Send-As
  • Receive-As
  • View Information Store status

InheritanceType

Optional

System.DirectoryServices.ActiveDirectorySecurityInheritance

The InheritanceType parameter specifies whether permissions are inherited.

InheritedObjectType

Optional

Microsoft.Exchange.Configuration.Tasks.ADSchemaObjectIdParameter

The InheritedObjectType parameter specifies what kind of object inherits this ACE.

Properties

Optional

Microsoft.Exchange.Configuration.Tasks.ADSchemaObjectIdParameter[]

The Properties parameter specifies what properties the object contains.

 


This example grants Send As permission on Ellen Adams's mailbox to Ted Bremer.

Note:
The Identity parameter requires the full name of the user in quotation marks.
Add-ADPermission -Identity "Ellen Adams" -User TedBrem -AccessRights extendedright -ExtendedRights "send as"
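The following is an added example, not part of the original topic. It reviews what Add-ADPermission has left behind by using the companion Get-ADPermission cmdlet to list explicit (non-inherited) Allow entries that grant Send-As, Receive-As, or broad control on mailbox objects. The set of rights treated as high impact, the exclusion of NT AUTHORITY\SELF, and the helper name Get-RightsText are assumptions made for this example.

```powershell
# Added example: audit explicit Allow ACEs on mailbox-enabled objects.
# Run in the Exchange Management Shell with read access to the directory.

# Rights treated as high impact for this review (an assumption; adjust to policy).
$riskyPattern = 'Send-As|Receive-As|GenericAll|WriteDacl|WriteOwner'

# Hypothetical helper: flatten AccessRights and ExtendedRights into one string
# so that a single pattern can be matched against both lists.
function Get-RightsText($ace) {
    $names = @($ace.AccessRights) + @($ace.ExtendedRights) |
        Where-Object { $_ } |
        ForEach-Object { $_.ToString() }
    [string]::Join(', ', [string[]]@($names))
}

$findings = Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    $mailbox = $_
    Get-ADPermission -Identity $mailbox.DistinguishedName |
        Where-Object {
            # Keep only entries set directly on the object that allow access.
            -not $_.IsInherited -and
            -not $_.Deny -and
            # SELF entries are skipped here as the object's own default grants
            # (an assumption of this example).
            $_.User.ToString() -ne 'NT AUTHORITY\SELF' -and
            (Get-RightsText $_) -match $riskyPattern
        } |
        Select-Object @{Name = 'Mailbox'; Expression = { $mailbox.Name }},
                      User,
                      @{Name = 'Rights'; Expression = { Get-RightsText $_ }},
                      InheritanceType
}

# One row per explicit grant: who holds which right on which mailbox.
$findings | Sort-Object Mailbox, User | Format-Table -AutoSize
```

After the example command above is run, the grant to TedBrem on the Ellen Adams mailbox appears in this output as an explicit Send-As entry.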
To ensure that you are reading the most up-to-date information and to find additional Exchange Server 2007 documentation, visit the Exchange Server TechCenter.