Exchange 2010 SP1 Multi Tenant

When trying to assign full mailbox rights on an Exchange Multi Tenant installation, you receive this error:

Add-MailboxPermission -Identity [email protected] -User userb@domain -AccessRights ‘FullAccess’

The operation on mailbox [email protected] failed because it’s
out of the current user’s write scope. The object ‘userb’ must be within the read scope before and after it’s modified. Can’t perform the save operation.
    + CategoryInfo          : NotSpecified: (ehosting.local/…C/Administrator:ADObjectId) [Add-MailboxPermission], Ta
    + FullyQualifiedErrorId : CFE6232C,Microsoft.Exchange.Management.RecipientTasks.AddMailboxPermission

The fix to this is to simply log into the hosted exchange as the admin for the organisation and run the command again and it works. 🙂


  1. How can you log in to the server as the other organization admin? Did you modify your group policy to permit logons from the organization admins? Please explain, thanks!

  2. Well I added that particular orgs admin to allow RDP access, ran the command successfully in powershell, then removed that org’s admin RDP access. Thanks!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.