MsExchange Blog Spot Telnet25

January 11, 2009

How to configure Helpdesk mailbox and delegate send behalf of rights to Distribution Group

Filed under: Exchange 2007 — telnet25 @ 11:40 pm

Scenario:

Business needs to create mailbox called helpdesk to keep track of new helpdesk e-mail. The helpdesk consist of several team members and they all need to monitor helpdesk mail box and also send mail as helpdesk mailbox while the members logged into their own workstation.

If you wish to download the full document please click  here

Steps:
Use GUI EMC (Console) to create desired mailboxes.

  1. Helpdesk@telnet25.org ( mailbox)
  2. Tier1@telnet25.org (mail enabled Universal Distribution Group) the reason why we are creating DL is to make all helpdesk team members to make a member of this DL called Tier1. This will give us ability to assign proper right to the Group and simply manage the rest of the operations by adding users in it.

Reference

Adding mailbox permission “helpdesk” for user “Tier1” with access rights “‘FullAccess’

 Add-MailboxPermission helpdesk -AccessRights FullAccess -User Tier1

Removing mailbox permission “helpdesk” for user “Tier1” with access rights “‘FullAccess'”

 Remove-MailboxPermission helpdesk -AccessRights FullAccess -User Tier1

Adding Active Directory permission “helpDesk” for user “Tier1” with access rights “‘all'”.

 Add-MailboxPermission helpdesk -AccessRights Sendas -User Tier1

 

 Remove-MailboxPermission helpdesk -AccessRights Sendas -User Tier1

 

 Add-ADPermission helpDesk -ExtendedRights all -User Tier1

Removing Active Directory permission “helpDesk” for user “Tier1” with access rights “‘all'”.

 Remove-ADPermission helpDesk -ExtendedRights all -User Tier1

Adding Active Directory permission “helpDesk” for user “Tier1” with access rights “‘send-as'”.

This also adds send as rights on the Helpdesk mailbox for Tier 1 Group. Initially if you go to exchange server and open EMC, find the Helpdesk mail enables user account, right click, pick send as permissions and assign it to Tier1 Group, you will notice the AD object will get the same effects and send as right will be give to Tier1 group on Helpdesk object. Below command achieves same results from EMS.

 

 Add-ADPermission helpDesk -ExtendedRights send-as -User Tier1

 

Removing Active Directory permission “helpDesk” for user “Tier1” with access rights “‘send-as'”.

This also removes send as rights on the Helpdesk mailbox for Tier 1 Group

 Remove-ADPermission helpDesk -ExtendedRights send-as -User Tier1

 

Finally we will set Grand Send on Behalf right to Tier1 group for helpdesk mailbox.

 Set-DistributionGroup -Identity Tier1 -GrantSendOnBehalfTo Helpdesk

 

Another example assigning Grand Send on behalf right to another mail enabled user.

 Set-Mailbox –ID HelpDesk –GrantSendOnBehalfTo Odedeal

 

 Remove-MailboxPermission -ID helpdesk -User Tier1 -AccessRights FullAccess

 

Step one:

Make sure you have already created helpdesk mail box as well as mail enabled group called Tier1 (Change the names as you wish). Also make sure you have added appropriate members into Tier1 mail enabled group.

  • Open EMS
  • Type or copy & paste below command.
  • As you can see after this command is issues, members of Tier1 Group will be able to bring helpdesk mailbox as additional mailbox on to their outlook shown below.
 Add-MailboxPermission helpdesk -AccessRights FullAccess -User Tier1

 Adding Mailbox Permission, we mailbox called Helpdesk and Mail Enabled Universal Security Group called Tier1. The command below will add Full access rights to Helpdesk for Tier1 Mail Enabled Universal Security Group.

Note: If your account is member of Tier1 Group you will be able to log in to outlook as yourself and by going properties of your mailbox (where your name appears within the outlook) and add Helpdesk mailbox as second mailbox to your own, so that you can monitor it.

This is also useful to troubleshoot a user problem, assign the rights to yourself and Plug the trouble mailbox to your own and when you are done remove the rights.

  • Properties
  • Advance
  • Advance
  • Click Add
  • Type the name of the mailbox (Helpdesk)
  • Click Ok two times to get out

Remember this does not grand the Tier1 Group send as helpdesk mailbox and most likely the person who monitors this mailbox will need ability to “send as” Helpdesk while they logged in as themselves. If you try to send mail as if coming from helpdesk you will receive

“You don’t have the permission to send the message on behalf of the specific user”

Step 2:

AD Send as Permission ON AD object as well as Mailbox itself

 Add-ADPermission helpdesk -ExtendedRights send-as -user tier1

 

Remove AD Send as permission.

 Remove-ADPermission helpdesk -ExtendedRights receive-as -user tier1

 Note: This command will modify AD Object permissions for helpdesk mailbox as well as Exchange mailbox rights as it is shown below windows.
To see AD rights from command line

 Get-ADPermission HelpDesk |fl

 

Step 3

Note: remember we are assigning Send behalf rights to a mail enabled Group in this example

 Set-DistributionGroup -Identity Tier1 -GrantSendOnBehalfTo Helpdesk

 

If we were doing the same work for user1 needs send behalf right to user 2 we would do this

 Get-MailboxPermission -Identity HelpDesk -User Tier1

 

You can run the following command to verify that the mailbox permissions applied successfully:

Oz ozugurlu

Oz ozugurlu MVP (Exchange)

MCITP (EMA), MCITP (EA) MCITP (SA),

MCSE (M+, S+) MCDST,

Security+, Server +, Project+

Blog:smtp25.blogspot.com

Blog: telnet25.wordpress.com

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: