Remove-MailboxPermission

 

Applies to: Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

Use the Remove-MailboxPermission cmdlet to remove permissions from a user's mailbox.

Syntax

Remove-MailboxPermission -Identity <MailboxIdParameter> -AccessRights <MailboxRights[]> -User <SecurityPrincipalIdParameter> [-Confirm [<SwitchParameter>]] [-Deny <SwitchParameter>] [-DomainController <Fqdn>] [-InheritanceType <None | All | Descendents | SelfAndChildren | Children>] [-WhatIf [<SwitchParameter>]]

Remove-MailboxPermission [-Identity <MailboxIdParameter>] -Instance <MailboxAcePresentationObject> [-AccessRights <MailboxRights[]>] [-Confirm [<SwitchParameter>]] [-Deny <SwitchParameter>] [-DomainController <Fqdn>] [-InheritanceType <None | All | Descendents | SelfAndChildren | Children>] [-User <SecurityPrincipalIdParameter>] [-WhatIf [<SwitchParameter>]]

Remove-MailboxPermission -Identity <MailboxIdParameter> [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-WhatIf [<SwitchParameter>]]

Detailed Description

This cmdlet allows you to remove permissions from a user's mailbox, for example removing full access to another user's mailbox.

To run the Remove-MailboxPermission cmdlet, the account you use must be delegated the following:

  • Exchange Recipient Administrator role

In addition, the account you use may require additional permissions within Active Directory to perform certain operations. To make sure that you have the appropriate permissions, the account you use must be delegated the Account Operators permission in the domain where the target mailbox-enabled account exists.

For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.

Parameters

Parameter Required Type Description

AccessRights

Required

Microsoft.Exchange.Management.RecipientTasks.MailboxRights[]

The AccessRights parameter specifies the rights that are required to perform the operation. Valid values include:

  • FullAccess

  • SendAs

  • ExternalAccount

  • DeleteItem

  • ReadPermission

  • ChangePermission

  • ChangeOwner

Identity

Required

Microsoft.Exchange.Configuration.Tasks.MailboxIdParameter

The Identity parameter specifies the identity of the mailbox for which permission is required.

Instance

Required

Microsoft.Exchange.Management.RecipientTasks.MailboxAcePresentationObject

The Instance parameter enables you to pass an entire object to the command to be processed. It is mainly used in scripts where an entire object must be passed to the command.

User

Required

Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter

The User parameter specifies the user whose permissions on the mailbox are removed.

Confirm

Optional

System.Management.Automation.SwitchParameter

The Confirm parameter causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You do not have to specify a value for this parameter.

Deny

Optional

System.Management.Automation.SwitchParameter

The Deny parameter denies permissions to the user on the Active Directory object.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

To specify the fully qualified domain name of the domain controller that retrieves data from Active Directory, include the DomainController parameter in the command.

InheritanceType

Optional

System.DirectoryServices.ActiveDirectorySecurityInheritance

The InheritanceType parameter specifies whether permissions are inherited to folders within the mailbox.

WhatIf

Optional

System.Management.Automation.SwitchParameter

The WhatIf parameter instructs the command to simulate the actions that it would take on the object. By using the WhatIf parameter, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf parameter.

Input Types

Return Types

Errors

Error Description

Exceptions

Exceptions Description

Example

This example will remove user Test2's full access rights to user Test1's mailbox.

Remove-MailboxPermission -Identity Test1 -User Test2 -AccessRights FullAccess -InheritanceType All
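
The removal above wrapped in a check-before and verify-after sequence, as an added example that is not part of the original page. It assumes the Get-MailboxPermission cmdlet and the IsInherited and Deny properties of its output are available in the same shell; $apply is a hypothetical switch variable.

```powershell
# Added example for the Exchange Management Shell (Exchange Server 2007).
# Test1 (mailbox) and Test2 (user) are the names from the page's example.
$mailbox = 'Test1'
$user    = 'Test2'
$apply   = $false   # hypothetical switch: set to $true after reviewing the -WhatIf output

# 1. List every access control entry (ACE) the user holds on the mailbox.
$aces = @(Get-MailboxPermission -Identity $mailbox -User $user)
$aces | Format-Table User, AccessRights, IsInherited, Deny -AutoSize

# 2. Split the FullAccess allow entries into explicit and inherited ones.
$full      = @($aces | Where-Object { -not $_.Deny -and ($_.AccessRights -like '*FullAccess*') })
$explicit  = @($full | Where-Object { -not $_.IsInherited })
$inherited = @($full | Where-Object { $_.IsInherited })

if ($inherited.Count -gt 0) {
    # An inherited grant is set above the mailbox, so this script reports it and leaves it alone.
    Write-Warning "$user also has inherited FullAccess on $mailbox; it is not touched here."
}

# 3. Preview by default; remove for real only when $apply is set.
if ($explicit.Count -gt 0) {
    if ($apply) {
        Remove-MailboxPermission -Identity $mailbox -User $user -AccessRights FullAccess -InheritanceType All -Confirm:$false
    } else {
        Remove-MailboxPermission -Identity $mailbox -User $user -AccessRights FullAccess -InheritanceType All -WhatIf
    }
}

# 4. Verify: no explicit FullAccess allow entry should remain for the user.
$left = @(Get-MailboxPermission -Identity $mailbox -User $user |
    Where-Object { -not $_.IsInherited -and -not $_.Deny -and ($_.AccessRights -like '*FullAccess*') })
if ($apply -and $left.Count -gt 0) {
    Write-Warning "Explicit FullAccess for $user on $mailbox is still present."
}
```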