How to grant full access permissions to all users’ mailboxes using PowerShell

There are many situations in which permissions to another user’s mailbox should be granted on Exchange Server. Sometimes it is for monitoring purposes, sometimes in order to send emails on behalf of someone else. Full access permissions give the highest level of access to a mailbox, and are necessary, for example, during a migration process. If you want to learn how to set full access permissions on Exchange 2007, Exchange 2010, or Exchange 2013, you have come to the right place.

how to access all users' mailboxes using PowerShell

If you  want to learn more about how to perform an Exchange server to Office 365 migration using native means, check this article.

In order to set those permissions for an account, you need to use an account which is a part of Organization Management group.

To do that with PowerShell, use this cmdlet:

Get-RoleGroup "Organization Management" | select members

In case the given account is not a part of Organization Management group, the administrator needs to change that using this cmdlet:

Add-RoleGroupMember "Organization Management" -Member "<account name>"

<account name> should stand for the name of the desired user.

The next step is granting full access permissions to mailboxes:

Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User -AccessRights fullaccess -InheritanceType all -AutoMapping:$false

This will grant full access rights to all users for the account “”. The last parameter, “‑AutoMapping:$false” is not necessary, but is worth considering. It enables you to turn the Auto-mapping feature off. By default, if you do not include the parameter at all, it is set to $true. If it is not deactivated, admin’s Outlook will try to open all mailboxes in the company. This is rarely desirable and in case there are a lot of mailboxes, performance issues are to be expected. What is more, in many scenarios, users have experienced that removing Auto-mapping later on might prove to be problematic. Remember that if you do not include

Alternative to PowerShell

Similar effect can be acquired by using Exchange Management Console (EMC). This is, however, not recommended, as auto-mapping cannot be switched off using EMC. What is more, in Exchange 2010 and newer versions, Exchange Control Panel (ECP – the descendant of EMC) cannot be used to manage mailbox permissions.

Therefore, it is recommended to use PowerShell throughout the whole process of granting full access to users’ mailboxes. This way, it is easier to avoid unnecessary problems and switches from one administrative tool to another.

Software tip

If you need any help with administration of your Exchange server or Office 365 tenant, check how CodeTwo can help you on this site. For example, we offer a helping hand if you want to migrate mailboxes to more recent version of Exchange server or Office 365 easily, or want to unify email signatures throughout your organization. There are also many useful freeware tools, so be sure to check them, too.

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>