Question : Exchange 2010 - granting full access to all mailboxes

I am having problems granting full mailbox access to the domain administrator account for mailboxes on Exch2010 server.

When running only Exch2007 I created a group “Exchange Mail Admins” as a “Security Group/Domain Local”. I then granted access to the mailbox databases as follows:

Add-ADPermission -Identity "Exch2007 MBX Database" -User "Exchange Mail Admins" -ExtendedRights Receive-As
Add-ADPermission -Identity "Exch2007 MBX Database" -User "Exchange Mail Admins" -ExtendedRights Send-As
Add-ADPermission -Identity "Exch2007 MBX Database" -User "Exchange Mail Admins" -ExtendedRights "Administer Information Store"

The users (including the domain administrator account) that are members of the security group can access any mailbox on my Exch2007 server. They can also do send-as

After installing Exch2010 and granting the exact same permissions to the same group I find that the “ordinary” users in the group can access all mailboxes, however they can not do send-as. The domain administrator can not access any mailboxes at all. What am I missing here? Is there a “deny” on the Exch2010 databases for the domain administrator account by default in Exch2010 that is overriding the grant I am doing?

The same commands as listed above have been executed on Exch2010 – exactly the same as on Exch2007, but now I am thinking I should have done this differently using the new RBAC method. Can anyone tell me if there is already a predefind group in Exch2010 that I should add the users that should have access to all mailboxes to? What they need is to be able to open mailboxes, read/export any content, do send-as.

Any help appreciated!

Answer : Exchange 2010 - granting full access to all mailboxes

Yes there is explicit deny for admins, also you might want to use the GUI in the RMC and re-grant them full mailbox access and send/as again