I ran into a problem while granting one or more permissions on a mailbox :
The object 'domain.domain/Microsoft Exchange Hosted Organizations/HostedORG/User′ must be within the read scope before and after..
Because it’s an Exchange 2010 SP2 multi tenant hosted environment there is no management console, so I figured out how to fix this using powershell in combination with an Multi tenant environment.
Start the Exchange 2010 management shell with the Exchange Hosted Organisation administrator and issue the following command :
Add-MailboxPermission -Identity "user" -User "groupname" -AccessRights FullAccess -InheritanceType All
Notice that I used a group called groupname. Don’t let the option -User fool you! You can use user or group names both!