The Exchange 2007 Wiki

Menu

Getting Started
Programming Exchange
PowerShell Scripts

Organization Node
  - Mailbox
  - Client Access
  - Hub Transport
  - Unified Messaging
Server Node
  - Mailbox
  - Client Access
  - Hub Transport
  - Unified Messaging
Edge Transport
Recipient Management
Tips and Tricks
FAQs
  - Definitions
  - Ask a Question

Site Index
Home


Wall of Fame
Syndication
Feedback

The content on this site is provided "AS IS" with no warranties, and confers no rights.

Permission Groups and the Usage Property

The adpermission tasks require quite a bit of knowledge. To make it easier, Receive Connectors provide a property called PermissionGroups. This property can be used to tell the connector what ‘logical’ groups are allowed to use this connector, and the connector UI provides a tool to control this property. The possible values and their meaning are:

 

 

PermissionGroup
Description
AnonymousUsers
Anonymous users.
ExchangeUsers
Authenticated users (well-known accounts are
excluded).
Note: Not available on the Edge role.
ExchangeServers
Other Exchange 2007 servers.
ExchangeLegacyServers
Other pre-Exchange 2007 servers.
Note: Not available on the Edge role.
Custom
Doesn’t match any of the presets exactly. This is when the admin
configures the permissions using the adpermission tasks.
Note: This property is read-only.

 

 

If you are curious as to what permissions get granted through the use of the PermissionGroups property, you can always use the get-adpermission task to list the permissions. The next table lists the actual permissions that get granted for both the Edge and the Hub role.

 

 

PermissionGroup
Edge Permissions
Hub Permissions
AnonymousUsers
ms-… -Submit
ms-…-Accept-Any-Sender
ms-…-Accept-Headers-Routing
ms-…-Submit
ms-…-Accept-Any-Sender
ms-…-Accept-Headers-Routing
ExchangeUsers
N/A
ms-…-Submit
ms-…-Accept-Any-Recipient
ms-…-Bypass-Anti-Spam
ExchangeServers
All except any send permission
All except any send permission
ExchangeLegacyServers
N/A

 

All except:
Any send permission
ms-…-Accept-Headers-Organization
ms-…-Accept-Headers-Forest

 

 

Note that messages that were originally received through an anonymous session will get marked as such. One of the side effects is that the sender address will not be resolved when Outlook shows the message, indicating a low confidence level of such a message.

 

Besides the PermissionGroups property on a ReceiveConnector, the New-ReceiveConnector and New-SendConnector tasks also have a property called “Usage”. This property will cause the task to select some defaults for certain properties, including the PermissionGroups property. The following table shows which PermissionGroups get set if you provide a value for the “Usage” property on the new-receiveconnector task:

 

 

Usage type
Edge PermissionGroups
Hub PermissionGroups
Custom
None
None
Internet
AnonymousUsers
AnonymousUsers
Internal
ExchangeServers
ExchangeServers, ExchangeUsers
Legacy
AnonymousUsers, ExchangeServers
ExchangeLegacyServers
Default
AnonymousUsers, ExchangeServers
ExchangeServers, ExchangeLegacyServers, ExchangeUser

 

 

The values for Usage on SendConnectors are Internal, Legacy and Custom. As SendConnectors do not have a PermissionGroups property there is no such table for the new-sendconnector task. I could spell out the individual permissions for each logical group, but I choose to leave it out of this document.

Site

Changes
Index
Search

 

User

 

Log In
Register

 
 

Last Modified 8/3/06 1:13 PM