Forum Discussion
brogyi
Mar 22, 2022 Brass Contributor
Full access with mail enabled security group access denied
Hello, I read the MS docs Add-MailboxPermission docs (https://docs.microsoft.com/en-us/powershell/module/exchange/add-mailboxpermission?view=exchange-ps) and the User parameter accepts security grou...
brogyi
Mar 23, 2022 Brass Contributor
The target mailbox is not hidden. The target mailbox is a user mailbox. The delegate was created in EAC and is a mail-enabled security group. So I still think it should work.
How can I get more information about the error, besides what OWA gives me (not too informative)? Or what else should I check?
Deleted
Mar 24, 2022
Could you please post the results of "get-mailboxpermission $mbox" and "get-casmailbox $mbox | fl owaenabled"?
- brogyi Mar 24, 2022 Brass Contributor
Deleted
This is the get-mailboxpermission output with format list:
RunspaceId      : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights    : {FullAccess}
Deny            : True
InheritanceType : All
User            : domainName\delegate user
Identity        : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited     : False
IsValid         : True
ObjectState     : Unchanged

RunspaceId      : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights    : {FullAccess, ReadPermission}
Deny            : False
InheritanceType : All
User            : NT AUTHORITY\SELF
Identity        : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited     : False
IsValid         : True
ObjectState     : Unchanged

RunspaceId      : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights    : {FullAccess}
Deny            : False
InheritanceType : All
User            : domainName\xch_full-access-1-1356144182
Identity        : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited     : False
IsValid         : True
ObjectState     : Unchanged

RunspaceId      : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights    : {FullAccess}
Deny            : True
InheritanceType : All
User            : domainName\Tartománygazdák (<-- maybe "domain owners" not sure how to translate, it is a built in group)
Identity        : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged

RunspaceId      : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights    : {FullAccess}
Deny            : True
InheritanceType : All
User            : domainName\Vállalati rendszergazdák (<-- maybe "domain administrators" not sure how to translate, it is a built in group)
Identity        : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged

RunspaceId      : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights    : {FullAccess}
Deny            : True
InheritanceType : All
User            : domainName\delegate user
Identity        : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged

RunspaceId      : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights    : {FullAccess}
Deny            : True
InheritanceType : All
User            : domainName\Organization Management
Identity        : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged

RunspaceId      : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights    : {FullAccess}
Deny            : False
InheritanceType : All
User            : NT AUTHORITY\SYSTEM
Identity        : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged

RunspaceId      : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights    : {ReadPermission}
Deny            : False
InheritanceType : All
User            : NT AUTHORITY\HÁLÓZATI SZOLGÁLTATÁS (<-- network service)
Identity        : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged

RunspaceId      : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights    : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
Deny            : False
InheritanceType : All
User            : domainName\Tartománygazdák (<-- maybe "domain owners" not sure how to translate, it is a built in group)
Identity        : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged

RunspaceId      : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights    : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
Deny            : False
InheritanceType : All
User            : domainName\Vállalati rendszergazdák (<-- maybe "domain administrators" not sure how to translate, it is a built in group)
Identity        : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged

RunspaceId      : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights    : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
Deny            : False
InheritanceType : All
User            : domainName\delegate user
Identity        : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged

RunspaceId      : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights    : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
Deny            : False
InheritanceType : All
User            : domainName\Organization Management
Identity        : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged

RunspaceId      : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights    : {ReadPermission}
Deny            : False
InheritanceType : All
User            : domainName\Public Folder Management
Identity        : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged

RunspaceId      : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights    : {ReadPermission}
Deny            : False
InheritanceType : All
User            : domainName\Delegated Setup
Identity        : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged

RunspaceId      : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights    : {FullAccess, ReadPermission}
Deny            : False
InheritanceType : All
User            : domainName\Exchange Servers
Identity        : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged

RunspaceId      : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights    : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
Deny            : False
InheritanceType : All
User            : domainName\Exchange Trusted Subsystem
Identity        : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged

RunspaceId      : 5c55fc5e-0b2f-4ad4-8e71-940942488e19
AccessRights    : {ReadPermission}
Deny            : False
InheritanceType : All
User            : domainName\Managed Availability Servers
Identity        : domainName.hu/domainName/Users/teszt/Teszt Barnabás
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged
The get-casmailbox owa enabled property is set to true
- Deleted Mar 24, 2022
Is "teszt.barnabas" a member of the group "xch_full-access-1-1356144182"?
- brogyi Mar 24, 2022 Brass Contributor
No-no, teszt.barnabas is the test user whose mailbox should be viewed through the xch_full_access group. To be clear, in the Add-MailboxPermission the -identity is teszt.barnabas, the test user, and the -user is xch_full_access, the security group.
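
One way to triage a Get-MailboxPermission listing like the one posted in this thread, as an added example that is not from any participant: summarise, per trustee, whether FullAccess is allowed, denied explicitly or denied by inheritance. The function name `Get-FullAccessSummary`, the sample entries (a constructed subset of the posted output) and the `-EffectiveTrustee` list are assumptions made for illustration.

```powershell
# Added example. Works on any objects exposing User, AccessRights, Deny and
# IsInherited, the properties shown in the Get-MailboxPermission output above.
function Get-FullAccessSummary {
    param(
        [Parameter(Mandatory)] [object[]] $Permission,
        # Assumption: the caller lists every trustee the signing-in account
        # matches (the account itself plus the groups it belongs to).
        [string[]] $EffectiveTrustee = @()
    )
    $Permission |
        Where-Object { $_.AccessRights -contains 'FullAccess' } |
        Group-Object -Property { [string]$_.User } |
        ForEach-Object {
            $trustee = $_.Name
            $deny    = @($_.Group | Where-Object { $_.Deny })
            [pscustomobject]@{
                Trustee       = $trustee
                Allow         = @($_.Group | Where-Object { -not $_.Deny }).Count -gt 0
                DenyExplicit  = @($deny | Where-Object { -not $_.IsInherited }).Count -gt 0
                DenyInherited = @($deny | Where-Object { $_.IsInherited }).Count -gt 0
                MatchesUser   = $EffectiveTrustee -contains $trustee
            }
        }
}

# Constructed sample: a subset of the entries posted in the thread.
$sample = @(
    [pscustomobject]@{ User = 'domainName\delegate user'; AccessRights = @('FullAccess'); Deny = $true; IsInherited = $false }
    [pscustomobject]@{ User = 'NT AUTHORITY\SELF'; AccessRights = @('FullAccess', 'ReadPermission'); Deny = $false; IsInherited = $false }
    [pscustomobject]@{ User = 'domainName\xch_full-access-1-1356144182'; AccessRights = @('FullAccess'); Deny = $false; IsInherited = $false }
    [pscustomobject]@{ User = 'domainName\delegate user'; AccessRights = @('FullAccess'); Deny = $true; IsInherited = $true }
    [pscustomobject]@{ User = 'domainName\Organization Management'; AccessRights = @('FullAccess'); Deny = $true; IsInherited = $true }
    [pscustomobject]@{ User = 'domainName\delegate user'; AccessRights = @('FullAccess', 'DeleteItem', 'ReadPermission', 'ChangePermission', 'ChangeOwner'); Deny = $false; IsInherited = $true }
    [pscustomobject]@{ User = 'domainName\Public Folder Management'; AccessRights = @('ReadPermission'); Deny = $false; IsInherited = $true }
)

Get-FullAccessSummary -Permission $sample -EffectiveTrustee @(
    'domainName\delegate user'                  # assumed sign-in account
    'domainName\xch_full-access-1-1356144182'   # assumed group membership
) | Sort-Object MatchesUser -Descending | Format-Table -AutoSize
```

Against a live mailbox, pass the result of `Get-MailboxPermission -Identity $mbox` as `-Permission`. Rows where MatchesUser and DenyExplicit are both True deserve attention first, because an explicit Deny entry takes precedence over an Allow entry for the same right.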