Tuesday, November 19, 2019

Adding Full Mailbox permissions to on prem shared mailboxes for O365 Migrated user in Hybrid environment

Task for granting O365 migrates user full mailbox permissions must be done with Exchange on-premises PowerShell. For purpose of this short article we will be adding simple steps to get this task taken care of and cmdlet goes with it. Following scenario is not supported https://docs.microsoft.com/en-us/exchange/permissions The following permissions or capabilities aren't supported: Send-As Lets a user send mail as though it appears to be coming from another user's mailbox. Auto-mapping Enables Outlook, when it starts, to automatically open any mailboxes that a user has been granted Full Access to. Folder permissions Grants access to the contents of a particular folder. Change the variables to make sure it fits into your scenario. Also make sure you are connected to both On-premises and O365 PowerShell to get the work done below. # VARS $CloudMB1 = "John.Born@SecuredNinja.org" # Cloud Mailbox $SharedMB1 = "HRShared1@SecuredNinja.org" # On pRem $SharedMB2 = "HRShared2@SecuredNinja.org" # On prem # ADDING MB Permissions Write-host "Adding AD Permissions" Add-MailboxPermission –Identity $SharedMB1 –User $CloudMB1 ` –AccessRights FullAccess –AutoMapping $True -InheritanceType All # VERIFy AD PERMISSIONS Write-host "Verifying AD Permissions" $Output1 = Get-Mailbox -Identity $SharedMB1 | Get-MailboxPermission |` where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} |` Select-Object User,AccessRights,IsInherited,Deny # ADD Write-host "Adding Permissions" Add-RecipientPermission -Identity $SharedMB1 -Trustee $CloudMB1 -AccessRights SendAs #VERIFY Write-host "Verifying Permissions" Get-RecipientPermission -Identity $SharedMB1 # REMOVE Write-host "REMOVING Permissions" $removeUser = "Casey.Dedeal@SecuredNinja.org" Remove-RecipientPermission -Identity $SharedMB2 -Trustee $removeUser -AccessRights SendAs -WhatIf # REMOVE Write-host "REMOVING Permissions" $CloudMB = "Casey.DedealSecuredNinja.org" Remove-MailboxPermission –Identity $SharedMB2 –User $CloudMB –AccessRights FullAccess -WhatIf Casey Dedeal Azure Certified Solutions Architect