Monday, July 12, 2010

Checking & Setting Permissions for Exchange 2007 mailboxes

I needed to back up all the mailboxes on an Exchange 2007 server. The backup agents we use allow this to be done at the mailstore level, but the brick-level backup takes too long to complete. We have been doing exmerge nightly exports for as long as I can remember, then backing those up to the normal backup system. We can then restore a user's mail for the week without going to the tape/backup system, and we don't have to restore more than a 2 GB mailbox.

I found myself in need of setting up a service account with permissions needed to run export-mailbox and/or exmerge for mailboxes on a new Exchange 2007 server. This is what I came up with.

I'll start with the commands for checking permissions:

Get-MailboxDatabase -server "exserver1" | get-adpermission -user "service.account" | fl

The same question was asked on the TechNet forums; here is the thread and a portion of the response.
FROM:
http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/3b8abdbc-d5a5-46c7-8fc8-4a48c9b116d0

********************************
To get full access rights on all mailboxes in a database, we can grant "Receive As" permission to the user or group with the cmdlet "Add-ADPermission". Please run the commands as in the steps below:

1. Log on to the Exchange server and load the Exchange Management Shell.
2. Remove Deny permission with command
3. Run the following command to grant the permission

• Grant permission on a single mailbox store

Get-MailboxDatabase "" | Add-ADPermission -User "" -ExtendedRights Receive-As

• Grant permission on all mailbox stores on a server
Get-MailboxDatabase -server "" | Add-ADPermission -User "" -ExtendedRights Receive-As

Please note that the permission granted with the command above can't take effect until the cache on the information store refreshes. By default the refresh interval is two hours, or we can force a refresh of the cache by restarting the Exchange Information Store service. To do so, please:

1. Load the Services snap-in by running services.msc.
2. Locate the entry Microsoft Exchange Information Store, right-click it and select Restart.

********************************

For one store:

Get-MailboxDatabase "Cluster01\UserStore1\UserStore1" | Add-ADPermission -User "domain\service.account" -ExtendedRights Receive-As

or for all the stores on a server:

Get-MailboxDatabase -server Cluster01 | Add-ADPermission -User "service.account" -ExtendedRights Receive-As



Be sure to run the get-adpermission command before and after to verify the permissions are adjusted.
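
One way to run that before-and-after check across every store on a server, as an added example that is not part of the original post. `Cluster01` and `domain\service.account` reuse the post's names as placeholders, and the script keeps to PowerShell 1.0 syntax for the Exchange 2007 Management Shell.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# $Server and $Account are placeholders reusing the names from the post.
$Server  = "Cluster01"
$Account = "domain\service.account"

$report = Get-MailboxDatabase -Server $Server | ForEach-Object {
    $db = $_

    # ACEs on this database that name the account and carry Receive-As.
    # -User filters on the account named in the ACE, so rights or denies that
    # reach the account only through group membership are not listed here.
    $aces = @($db | Get-ADPermission -User $Account |
        Where-Object { $_.ExtendedRights -like "Receive-As" })

    $allow = @($aces | Where-Object { -not $_.Deny })
    $deny  = @($aces | Where-Object { $_.Deny })

    # Report a Deny first: the quoted steps remove Deny before granting.
    if     ($deny.Count  -gt 0) { $status = "DENY present" }
    elseif ($allow.Count -gt 0) { $status = "Granted" }
    else                        { $status = "Missing" }

    $inherited = @($aces | Where-Object { $_.IsInherited }).Count -gt 0

    $row = New-Object PSObject
    $row | Add-Member NoteProperty Database  $db.Identity
    $row | Add-Member NoteProperty ReceiveAs $status
    $row | Add-Member NoteProperty Inherited $inherited
    $row
}

$report | Format-Table -AutoSize

# Stores that still need the Add-ADPermission command from the post,
# for example databases created after the grant was first applied.
$report | Where-Object { $_.ReceiveAs -ne "Granted" } | ForEach-Object {
    Write-Warning "$($_.Database): Receive-As is '$($_.ReceiveAs)' for $Account"
}
```

Saving the table before the change and comparing it afterwards also gives a record of exactly which stores the service account can read.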

I'm sure this isn't as complete as I'd like, but I hope it helps somebody.

1 comment:

imelmer said...

BTW, I just remembered you will need to rerun the set command for any new mail stores that get created, or mailboxes if you apply it at that level.