Add-ADPermission (RTM): Exchange 2007 Help

Add-ADPermission (RTM): Exchange 20...

Switch on low bandwidth view

Collapse All

Language Filter

Add-ADPermission (RTM)

Applies to: Exchange Server 2007 Topic Last Modified: 2007-06-11

Use the Add-ADPermission cmdlet to add permissions to an Active Directory directory service object.

Syntax


Add-ADPermission -Identity <ADRawEntryIdParameter> -User <SecurityPrincipalIdParameter> [-AccessRights <ActiveDirectoryRights[]>] [-ChildObjectTypes <ADSchemaObjectIdParameter[]>] [-Deny <SwitchParameter>] [-DomainController <Fqdn>] [-ExtendedRights <ExtendedRightIdParameter[]>] [-InheritanceType <None | All | Descendents | SelfAndChildren | Children>] [-InheritedObjectType <ADSchemaObjectIdParameter>] [-Properties <ADSchemaObjectIdParameter[]>]


Add-ADPermission -Identity <ADRawEntryIdParameter> -Owner <SecurityPrincipalIdParameter> [-DomainController <Fqdn>]


Add-ADPermission [-Identity <ADRawEntryIdParameter>] -Instance <ADAcePresentationObject> [-AccessRights <ActiveDirectoryRights[]>] [-ChildObjectTypes <ADSchemaObjectIdParameter[]>] [-Deny <SwitchParameter>] [-DomainController <Fqdn>] [-ExtendedRights <ExtendedRightIdParameter[]>] [-InheritanceType <None | All | Descendents | SelfAndChildren | Children>] [-InheritedObjectType <ADSchemaObjectIdParameter>] [-Properties <ADSchemaObjectIdParameter[]>] [-User <SecurityPrincipalIdParameter>]

Parameters

Parameter	Required	Type	Description
Identity	Required	Microsoft.Exchange.Configuration.Tasks.ADRawEntryIdParameter	The Identity parameter specifies the identity of the object that is getting permissions added. Note: The Identity parameter requires the full name of the user in quotation marks.
Instance	Required	Microsoft.Exchange.Management.RecipientTasks.ADAcePresentationObject	The Instance parameter enables you to pass an entire object to the command to be processed. It is mainly used in scripts where an entire object must be passed to the command.
Owner	Required	Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter	The Owner parameter specifies the owner of the Active Directory object.
User	Required	Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter	The User parameter specifies the user mailbox that the permissions are being granted to on the other mailbox.
AccessRights	Optional	System.DirectoryServices.ActiveDirectoryRights[]	The AccessRights parameter specifies the rights needed to perform the operation. Valid values include: CreateChild DeleteChild ListChildren Self ReadProperty WriteProperty DeleteTree ListObject ExtendedRight Delete ReadControl GenericExecute GenericWrite GenericRead WriteDacl WriteOwner GenericAll Synchronize AccessSystemSecurity
ChildObjectTypes	Optional	Microsoft.Exchange.Configuration.Tasks.ADSchemaObjectIdParameter[]	The ChildObjectTypes parameter specifies what type of object the permission is with.
Deny	Optional	System.Management.Automation.SwitchParameter	The Deny parameter denies permissions to the user on the Active Directory object.
DomainController	Optional	Microsoft.Exchange.Data.Fqdn	To specify the fully qualified domain name (FQDN) of the domain controller that retrieves data from Active Directory, include the DomainController parameter in the command.
ExtendedRights	Optional	Microsoft.Exchange.Configuration.Tasks.ExtendedRightIdParameter[]	The ExtendedRights parameter specifies the extended rights needed to perform the operation. Valid values include: Send-As Receive-As View Information Store status
InheritanceType	Optional	System.DirectoryServices.ActiveDirectorySecurityInheritance	The InheritanceType parameter specifies whether permissions are inherited.
InheritedObjectType	Optional	Microsoft.Exchange.Configuration.Tasks.ADSchemaObjectIdParameter	The InheritedObjectType parameter specifies what kind of object inherits this ACE.
Properties	Optional	Microsoft.Exchange.Configuration.Tasks.ADSchemaObjectIdParameter[]	The Properties parameter specifies what properties the object contains.

Detailed Description

The Add-ADPermission cmdlet grants permissions to an Active Directory object, for example, modifying an access control entry (ACE) on a server object.

To run the Add-ADPermission cmdlet, the account you use must be delegated the following:

Exchange Recipient Administrator role
Account Operator role for the applicable Active Directory containers

For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.

For more information about extended rights, see Permissions.

Input Types

Return Types

Errors

Error	Description

Exceptions

Exceptions	Description

Example

This example will grant send as permissions for Ted Bremer to Ellen Adam's mailbox.

Note:
The Identity parameter requires the full name of the user in quotation marks.

Add-ADPermission -Identity "Ellen Adams" -User TedBrem -AccessRights extendedright -ExtendedRights "send as"