How to Grant Read Access Permission on a Mailbox in Exchange Server 2010/2013

We often get a request from client where they want to grant read access permission to any user on a particular mailbox. Although there is an access rights “Read Permission” for mailbox permission available in exchange server 2007/2010 and 2013. However we have seen it does not work. Based on my research I have found Read permission actually grants the ability to read the permissions that exist on the object. See http://technet.microsoft.com/en-us/query/ff734054

Here is what I have tested in my lab.

Granted Read Access permission to user LCAdmin on Indiauser1 mailbox by running below command

Added Indiauser1 mailbox as an additional mailbox in LCAdmin outlook profile. Tried to expand the folder for Indiauser1 and got below error.

Here is the workaround that I have found to grant the Read Access permission on a mailbox in Exchange 2010.

1. Granted Reviewer permission to Lcadmin on Indiauser1 mailbox folder “Top of Information Store”. Reviewer access right grants ReadItems and Folder Visible permission. See http://technet.microsoft.com/en-us/library/dd298062(v=exchg.141).aspx for more details

 

 

 

 

 

 

2. As soon as I granted this permission, Lcadmin was able to expand the Indiauser1 mailbox but it does not show any default folders such as Inbox or Sent Items.

3. Now ran the below command to provide REVIEWER permissions over all the existing folders in the Mailbox

ForEach ($f in (Get-MailboxFolderStatistics Indiauser1 | Where {($_.folderpath -notlike “/Conversation Action Settings”) -and ($_.folderpath -notlike “/Quick Step Settings”) -and ($_.folderpath -notlike “/Recoverable Items”) -and ($_.folderpath -notlike “/Deletions”) -and ($_.folderpath -notlike “/Purges”) -and ($_.folderpath -notlike “/Versions”) -and ($_.Folderpath -notlike “/Top of Information Store”)})) {$fname = “Indiauser1:” + $f.FolderPath.Replace(“/”,”\”); Add-MailboxFolderPermission $fname -User Lcadmin -AccessRights Reviewer}

Note: I have excluded few folders in the above command because these folders are hidden except root folder “Top of Information Store”. If you don’t exclude these folders you will get the warning as below.

There are two reasons to exclude the root folder “Top of information store”.

1- Exchange does not recognize the root folder as “User@domain.com:\Top of Information store” though it’s not a hidden folder.

 

2- I have already granted the permission on root folder ;)

Please let us know if you  have any feedback at mail@messagingserversupport.com

Cheers,
Team MSS


Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>