Admin access to all mailboxes

This question is not answered

Several weeks ago I ran a PowerShell command so I could have access to all mailboxes.

Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User admin@domain.com -AccessRights fullaccess -InheritanceType all

Why is it that I still have access to NEW mailboxes?

Also, if I run the command to remove admin access, will it also remove it for my mailbox?

Add-MailboxPermission user@example.com -User admin@example.com -AccessRights FullAccess -InheritanceType All

I don't think that I should still have the rights

Thanks for any input you can give me.

All Replies
  • Hi John,

    Based on my understanding, you ran the command Get-Mailbox -ResultSize unlimited … InheritanceType all to grant yourself full access permission on all current mailboxes. However, you found you have access permission to newly created mailboxes as well. If I misunderstood your concerns, please let me know.

    The issue is a little strange, so I would like to clarify: how do you know you have access permission on the new mailbox? Did you add the new mailbox to some groups? Does the issue occur if you create another new mailbox?

    Best regards,

    Alex Du

  • I can tell because I can use the drop-down by my name and connect to the mailbox in OWA. This also happens for all NEW mailboxes that I have made.

  • Hi John,

    I'm not sure why you are getting access to the new mailboxes. I ran the script you listed in your original post in my test account and I didn't get access to new mailboxes created after the script was run.

    If you want to remove permissions to the mailbox you can run this script:

    Add-MailboxPermission -Identity mailbox@domain.com -User user@domain.com -AccessRights FullAccess -Deny

    with mailbox being the mailbox you want to remove permission to and user being your admin user account.

    This would work for a mailbox-by-mailbox approach, but if you want to do all of them at once you should be able to use the same approach you took with your original script:

    Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User user@domain.com -AccessRights FullAccess -Deny

    Let me know if that helps,

    Dave
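
One way to check what the thread is asking about, as an added example that is not from any of the posters: it lists, for every user mailbox, the FullAccess entries held by the admin account and shows whether each one is an allow or a deny entry and whether it is inherited. It assumes an Exchange PowerShell session is already connected; `admin@domain.com` is the placeholder address from the original post.

```powershell
# Added example: audit FullAccess entries for one account across user mailboxes.
# Assumes a connected Exchange PowerShell session.
$Admin = 'admin@domain.com'   # placeholder from the original post

$report = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    ForEach-Object {
        $mbx = $_
        # -User limits the output to permission entries for the admin account
        Get-MailboxPermission -Identity $mbx.Identity -User $Admin |
            Where-Object { $_.AccessRights -contains 'FullAccess' } |
            ForEach-Object {
                [pscustomobject]@{
                    Mailbox     = $mbx.PrimarySmtpAddress
                    Created     = $mbx.WhenCreated
                    Type        = if ($_.Deny) { 'Deny' } else { 'Allow' }
                    IsInherited = $_.IsInherited
                }
            }
    }

# Oldest mailboxes first, so entries on recently created mailboxes end up last
$report | Sort-Object Created | Format-Table -AutoSize

# Allow entries that are not inherited were set on the mailbox itself
$explicit  = $report | Where-Object { $_.Type -eq 'Allow' -and -not $_.IsInherited }
# Allow entries that are inherited come from a parent object
$inherited = $report | Where-Object { $_.Type -eq 'Allow' -and $_.IsInherited }

'Explicit allow: {0}  Inherited allow: {1}' -f @($explicit).Count, @($inherited).Count
```

Comparing the Created column with the date the original grant was run shows whether mailboxes created afterwards carry an entry for the account, and the IsInherited column shows whether that entry was set on the mailbox itself.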