Unable to Grant Domain Local Groups Full Access Permission to a Exchange 2010 Mailbox using the GUI

John Doe is a user in your Active Directory environment (Windows Server 2008 R2 Forest Function Level) with a mailbox on the email server (Exchange Server 2010 with SP2):


You want to grant a domain local group named “Test Group” the full access permission to John Doe’s mailbox:


You attempt to grant this permission by selecting “Manage Full Access Permission” from the Exchange 2010 Management Console:


When you click add and search for the group, it doesn’t appear:


PowerShell to the Rescue! The only way I’ve figured out how to accomplish this (work-around for this issue) is to use the “Exchange Management Shell” (PowerShell). In this scenario, use the following PowerShell script:

Add-MailboxPermission -Identity "John Doe" -User "Test Group" -AccessRights "FullAccess"

Even though the syntax uses the parameter name “-User”, you can specify a group name.


The full access permission for John Doe’s mailbox is now assigned to the “Test Group”: