- Manage Full Access Permission
- Manage Send As Permission
To grant Exchange Recipient Administrators the ability to change permissions on mailboxes they must have the ExtendedRights "ms-Exch-Store-Admin" in Active Directory on the Configuration Partition. This can be granted using the following powershell command:
Add-ADPermission -Identity "CN=Exchange Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local" -User "domain\Exchange Recipient Administrators" -ExtendedRights ms-Exch-Store-Admin -InheritanceType All
Ensure you change the Exchange Org to reflect your Exchange org and the domain\ to reflect your domain's NetBIOS name.
If the permissions are not set right you will get an error similar to:
Failed to commit the change on object "a757e5a9-64e0-49cb-ac90-acda685c7f1c" because access is denied.
MapiExceptionNoAccess: Unable to set mailbox SecurityDescriptor. (hr=0x80070005, ec=-2147024891)
Exchange Management Shell command attempted:
Add-MailboxPermission -Identity 'CN=Domain User,OU=People,DC=domain,DC=local' -User 'DOMAIN\account.name' -AccessRights 'FullAccess'
Elapsed Time: 00:00:00
Failed to commit the change on object because access is denied.
Hope this post has been helpful.