I didn’t realize they were using EWS. If so, I would’ve recommended ApplicationImpersonation instead of ‘Receive As’.
Regardless, I’m glad you got it solved. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Maglinger, Paul Sent: Thursday, September 14, 2017 5:01 PM To: 'exchange@lists.myitforum.com' Subject: RE: [Exchange] Management report application / script Looks like we might have gotten it resolved. I guess I fussed enough about granting permissions on each individual mailbox they came up with giving the account ApplicationImpersonation role. Why they didn’t come up with this to begin with is beyond me. Paul From: Maglinger, Paul Sent: Thursday, September 14, 2017 8:35 AM To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: RE: [Exchange] Management report application / script Michael – As long as the door is open… Doing what you suggested now allows me to run some reports, such as “Attachments by file size”. However if I try to run a “Folder Message Count and Size” it comes back with “No Data Available”. ManageEngine’s solution is to grant the Exchange Reporter’s account full access permissions on every mailbox. I could easily do that with a PowerShell script, but that also means that we have to remember to do that as we add new mailboxes to the server. The Exchange Reporter doesn’t seem to acknowledge inherited permissions – they have to be granted on a per-mailbox basis. Do you have another silver bullet to address this? Paul From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Monday, September 11, 2017 6:15 PM To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: RE: [Exchange] Management report application / script Actually, this is pretty easy to automate: $user = ‘michael.smith’ ## the reporting user $databases = @( Get-MailboxDatabase ) foreach( $database in $databases ) { $dn = $database.DistinguishedName Add-ADPermission -Identity $dn -user $user -AccessRights ExtendedRight -ExtendedRights "Receive As" } From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Monday, September 11, 2017 6:14 PM To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: RE: [Exchange] Management report application / script Let me give you a suggestion. Using adsiedit.msc, on each DATABASE, set the reporting user to have Receive-As as an extended right on the database. If you have a lot of databases, this can still be a little painful, but much less than setting it for each user. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Maglinger, Paul Sent: Monday, September 11, 2017 4:13 PM To: 'exchange@lists.myitforum.com' Subject: RE: [Exchange] Management report application / script Quest has Exchange Manager which we have. It does provide some reporting of what you’re looking for and you should be able to download it for a trial period to see what it does. I haven’t played a great deal with that part of it though. We were looking at it to gain insight into what our users were keeping in their mailbox (attachments mainly) and on that piece Quest needs to do more work. Specifically it appears that in order to get that drill down into a mailbox it’s not enough to have inherited permissions by an account, you have to give that account rights to each mailbox individually – which is tedious time consuming. I’ve opened communications with them to work through this but haven’t set up the time to do so yet. That is my major gripe with it. Paul From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of John Matteson Sent: Monday, September 11, 2017 1:40 PM To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: [Exchange] Management report application / script I'm looking for an application or powershell script that can provide a set of performance/management reports. What I'm looking for, ideally, is transit time mailbox to mailbox for messages of various sizes and from user to internet gateway, again for messages of various sizes. If it can work using tracking logs only, that would be great. I know Quest had a package like this at one time. Any pointers would be great. Thanks. John M.