An Exchange administrator occasionally must grant a user access to another user’s mailbox. In Exchange 2010, there are a couple of ways to accomplish this task. For those who prefer a graphical experience, the access permissions can be granted with the Manage Full Access Permission Wizard.

An alternative method is by running the Add-MailboxPermission cmdlet in the Exchange Management Shell, the command line interface for administering an Exchange 2010 server. The syntax of the cmdlet is as follows:

Add-MailboxPermission -Identity UserBeingGrantedPermission -User UserWhoseMailboxIsBeingConfigured -AccessRights ‘FullAccess’

The following example of the Add-MailboxPermission cmdlet grants my user account full access to John Public’s mailbox:

Add-MailboxPermission -Identity ‘CN=Jim Doyle,OU=Engineering,DC=contoso,DC=com’ -User ‘CONTOSO\jpublic’ -AccessRights ‘FullAccess’

In order to revoke the full access permissons assigned above, an Exchange administrator would run the Remove-MailboxPermission cmdlet in the Exchange Management Shell:

Remove-MailboxPermission -Identity ‘UserBeingGrantedPermission’ -User ‘UserWhoseMailboxIsBeingConfigured’ -AccessRights ‘FullAccess’ -InheritanceType ‘All’

The following example of the Remove-MailboxPermission cmdlet revokes my user account’s full access permissions to John Public’s mailbox:

Remove-MailboxPermission -Identity ‘CN=Jim Doyle, OU=Engineering,DC=contoso,DC=com’ -User ‘CONTOSO\jpublic’ -AccessRights ‘FullAccess’ -InheritanceType ‘All’

In my next post, I will show how to grant a user Send As permissions using the Exchange 2010 and the Exchange Management Shell.