Granting Read Permission for Microsoft Exchange Container
To grant this permission to an account, complete the following steps:
- From the Start menu, select Run. In the Run dialog box, type ADSIEdit.msc. Click OK.
-
In the ADSIEdit snap-in, open the CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<…>,DC=<…> container.
- Right-click the Microsoft Exchange container and select Properties.
- In the Properties dialog box, click the Security tab.
- On the Security tab, click Add and select the account to which you wish to assign permissions.
- Select the account name, and then enable the Allow option for the Read permission in the Permissions box.
- Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified on step 5 and click Edit.
- In the Permission Entry dialog box, select This object and all child (descendant) objects from the Apply onto drop-down list.
-
Close the dialog boxes by clicking OK.
Granting Full Control on Mailbox Database
To grant the Full Control permission on a mailbox database to the <User> (in our example, LA\JohnSmith), run the following cmdlet in Exchange Management Shell:
Get-MailboxDatabase | Add-ADPermission -User LA\JohnSmith -AccessRights GenericAll -ExtendedRights Receive-As
Granting Membership in Local Administrators Group
To add an account to the local Administrators group on a server, perform the following:
- Open the Computer Management snap-in (Click Start | Run, enter compmgmt.msc and then click OK).
- In the left pane click System Tools | Local Users and Groups | Groups.
- Right-click the Administrators group and click Add to Group.
- Click Add and select the account.
- Close the dialog boxes by clicking OK.
Granting Move Mailboxes Management Role
To grant the Move Mailboxes management role to the <User> (in our example, LA\JohnSmith), run the following cmdlet in Exchange Management Shell:
New-ManagementRoleAssignment -Role "Move Mailboxes" -User LA\JohnSmith