Sunday, February 9, 2025

Exchange Shared Mailbox Permissions using PowerShell

A shared mailbox is a useful feature in both Exchange Server and Exchange Online. It allows multiple users to access and manage a common mailbox, such as a departmental or project-related mailbox. Managing and sending emails from a shared mailbox can be done in a few steps, and we'll cover these below.

Accessing and Using a Shared Mailbox in Outlook

  1. Outlook Web App (OWA) or New Outlook:
    • Log in to OWA or the New Outlook client.
    • Right-click on the Folders and select Add Shared Folder or Mailbox
    • Enter the shared mailbox email address and click Add.
  2. Outlook Desktop Client (classic):
    • Click on File
    • Click on Account Settings.
    • Double-click on your account
    • From the Exchange Account Settings, click on More Settings
    • Click on the Advanced tab, and then click on Add
    • Enter the shared mailbox email address and click OK

Outlook usually auto-detects the new accounts you have full access to and automatically maps them to the associated mailbox user. So usually there is no action required from the user.

Differences between User and Shared mailboxes

A shared mailbox provides a generic email address such as info@domain.com or sales@domain.com that clients can send to without having to remember an individual's address. It also provides a shared email that can be used by all users who are granted permission.

Feature               Shared Mailbox                                 User Mailbox
-------               --------------                                 ------------
RecipientTypeDetails  SharedMailbox                                  UserMailbox
License Required      No, but users accessing it require a license   Yes
Storage Allocated     50 GB                                          100 GB
Management            PowerShell and Exchange Interface              PowerShell and Exchange Interface
Authentication        No direct access                               Requires auth
Use For               Shared between users                           Individual access

To find shared mailboxes, we can use the following PowerShell line to get all Exchange Online shared mailboxes:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox

Granting Full Control Access To a Shared Mailbox

To grant a user full access to a shared mailbox, you can follow these steps:

  1. In Exchange Online:
    • Open Exchange Online Admin Center and click on Mailboxes
    • Search for the Shared Mailbox object name and click on it
    • From the side menu, click on Delegate
    • Click on Read and Manage (Full Access)
    • Click on + Add Members to add a new member, search for the user and click Save
  2. To grant a user full access to a shared mailbox using PowerShell, use the following example:
    Add-MailboxPermission -Identity "SharedMailbox" -User "User1" -AccessRights FullAccess

You can add a User Mailbox object or a Mail-Enabled Security group; adding Microsoft 365 or Distribution groups isn't supported.

PS C:\> Add-MailboxPermission -Identity "MySharedMailbox1" -User "admin" -AccessRights FullAccess

Identity         User                                              AccessRights IsInherited Deny
--------         ----                                              ------------ ----------- ----
MySharedMailbox1 S-1-5-21-2846312615-335574314-3940387591-24728480 {FullAccess} False       False

Automapping the Mailbox to the User Who Has Full Control

Autodiscover auto-maps the shared mailbox MySharedMailbox1 to the delegated user admin or to whoever has Full Control of the shared mailbox. This works as long as you are adding the delegated member directly to the shared mailbox permission list, but if you are assigning the permission through Active Directory groups, then the automapping feature won't work.

If you need to assign permission to the user and you don't want the shared mailbox to be discovered automatically, you can disable automapping when running Add-MailboxPermission, as in the following example:

Add-MailboxPermission -Identity "MySharedMailbox1" -User "admin" -AccessRights FullAccess -AutoMapping $False

Granting SendAs Permission To a Shared Mailbox

To grant a user SendAs on a shared mailbox, you can follow these steps:

  1. In Exchange Online:
    • Open Exchange Online Admin Center and click on Mailboxes
    • Search for the Shared Mailbox object name and click on it
    • From the side menu, click on Delegate
    • Click on Send as
    • Click on + Add Members to add a new member, search for the user and click Save

To send emails as the shared mailbox, grant "Send As" permissions:

  1. In Exchange Online:
    • Use EAC or PowerShell to assign "Send As" permissions.
    • Example PowerShell command: Add-RecipientPermission -Identity "SharedMailbox" -Trustee "User1" -AccessRights SendAs
Identity         Trustee                              AccessControlType AccessRights Inherited
--------         -------                              ----------------- ------------ ---------
MySharedMailbox1 7e3b5368-203e-4cc2-94db-776d4b49977d Allow             {SendAs}     False

Granting the user SendAs won't allow the user to open the shared mailbox; instead, if the user tries to access the shared mailbox, the user will get an Access Denied error.

MessageCopyForSentAsEnabled and MessageCopyForSendOnBehalfEnabled to Save a Copy of the Sent Message

When a user sends an email from the shared mailbox, the sent messages are saved in the sender's Sent Items folder, not the shared mailbox Sent Items. This makes it hard to track email conversations. So in Exchange, there is an option to automatically copy the sent message to the shared mailbox Sent Items folder instead of having the message in the user's Sent Items only.

The option depends on the delegation option granted to the user:

  • SendAs: if the user was delegated the SendAs permission on the shared mailbox, then use the following command: Set-Mailbox -Identity "SharedMailbox" -MessageCopyForSentAsEnabled $true
  • Send on Behalf: if the user was delegated the Send on Behalf permission on the shared mailbox, then use the following command: Set-Mailbox -Identity "SharedMailbox" -MessageCopyForSendOnBehalfEnabled $true

You can validate the configuration by running

PS C:\> Get-Mailbox MySharedMailbox1 | Select-Object Name,MessageCopyForSentAsEnabled,MessageCopyForSendOnBehalfEnabled

Name             MessageCopyForSentAsEnabled MessageCopyForSendOnBehalfEnabled
----             --------------------------- ---------------------------------
MySharedMailbox1                        True                             False
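
The following is an added example, not code from the original post: it combines the FullAccess, SendAs and sent-copy settings covered above into one review row per delegate, so SendAs grants on mailboxes that keep no sent copy stand out. The function name and sample records are constructed, and matching on Name assumes Identity renders as the mailbox name, as in the output shown above.

```powershell
# Added example; function name and sample records are constructed for illustration.
# Live input (assumes an Exchange Online PowerShell session):
#   $m = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox
#   -Mailbox $m -FullAccess ($m | Get-MailboxPermission) -SendAs ($m | Get-RecipientPermission)
function Get-SharedMailboxDelegationReport {
    param([object[]] $Mailbox = @(), [object[]] $FullAccess = @(), [object[]] $SendAs = @())
    foreach ($mbx in $Mailbox) {
        # Direct FullAccess delegates: skip inherited and Deny entries and the built-in SELF entry.
        # Assumption: Identity renders as the mailbox name, as in the output on this page.
        $fa = @($FullAccess | Where-Object {
                "$($_.Identity)" -eq $mbx.Name -and $_.AccessRights -contains 'FullAccess' -and
                -not $_.IsInherited -and -not $_.Deny -and "$($_.User)" -notlike 'NT AUTHORITY\*'
            } | ForEach-Object { "$($_.User)" })
        $sa = @($SendAs | Where-Object {
                "$($_.Identity)" -eq $mbx.Name -and $_.AccessRights -contains 'SendAs' -and
                "$($_.Trustee)" -notlike 'NT AUTHORITY\*'
            } | ForEach-Object { "$($_.Trustee)" })
        foreach ($who in @($fa + $sa | Sort-Object -Unique)) {
            [pscustomobject]@{
                Mailbox      = $mbx.Name
                Delegate     = $who
                CanOpen      = $fa -contains $who   # FullAccess: can open and read the mailbox
                CanSendAs    = $sa -contains $who   # SendAs: can send as the mailbox address
                # When False, SendAs mail is kept only in the sender's own Sent Items
                SentCopyKept = [bool]$mbx.MessageCopyForSentAsEnabled
            }
        }
    }
}

# Constructed sample records shaped like the cmdlet output shown on this page
$mailboxes = @(
    [pscustomobject]@{ Name = 'MySharedMailbox1'; MessageCopyForSentAsEnabled = $true }
    [pscustomobject]@{ Name = 'SalesShared'; MessageCopyForSentAsEnabled = $false }
)
$fullAccess = @(
    [pscustomobject]@{ Identity = 'MySharedMailbox1'; User = 'NT AUTHORITY\SELF'; AccessRights = @('FullAccess'); IsInherited = $false; Deny = $false }
    [pscustomobject]@{ Identity = 'MySharedMailbox1'; User = 'admin'; AccessRights = @('FullAccess'); IsInherited = $false; Deny = $false }
)
$sendAs = @(
    [pscustomobject]@{ Identity = 'MySharedMailbox1'; Trustee = 'admin'; AccessRights = @('SendAs') }
    [pscustomobject]@{ Identity = 'SalesShared'; Trustee = 'User1'; AccessRights = @('SendAs') }
)
Get-SharedMailboxDelegationReport -Mailbox $mailboxes -FullAccess $fullAccess -SendAs $sendAs |
    Format-Table -AutoSize
```

In the sample data, User1 on SalesShared is the row to review: SendAs without FullAccess, on a mailbox that keeps no copy of what was sent.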

Configure Permissions in Exchange Hybrid

When it comes to hybrid configuration, ADConnect plays a major role in the game, as it's the method of pushing changes from on-premises to Exchange Online.

Always make sure that ADConnect is updated, and make sure that after each sync you give it some time for the configuration to be reflected on Exchange Online.

What is ACLable

Assuming you have Exchange Server 2013 with at least CU10 or later, the only thing you have to do to enable hybrid permissions is to enable the ACLable object sync. You must also have the Exchange Hybrid Deployment.

ACLable refers to a specific mailbox setting that allows mailboxes to participate in access control lists (ACLs) in a hybrid environment. It's essential for hybrid deployments (on-premises and Exchange Online) to ensure proper mailbox permission functionality.

Understanding The Permission Challenge in a Hybrid Environment

Both Full Control and Send on Behalf are fully supported in a hybrid environment, and you can grant permission from Exchange Online to an Exchange on-premises object, and vice versa.

But when it comes to SendAs permission, ADConnect doesn't automatically sync the SendAs permission. So this kind of permission isn't supported. However, SendAs will work in most scenarios if you manually add the SendAs permissions in both environments, using Exchange Management Shell for on-premises Exchange and Exchange Online PowerShell for Microsoft 365 or Office 365.

Get more information about Permission in Exchange Hybrid Deployment from Microsoft.com
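
Because SendAs has to be added by hand on both sides, the two permission lists can drift apart. The following added example (not from the original post) compares a SendAs export from each environment and reports which side is missing each grant; the function name, the Mailbox and Trustee column names and the sample rows are constructed, and both exports are assumed to be normalised to primary SMTP addresses beforehand.

```powershell
# Added example; function name, column names and rows are constructed for illustration.
# Assumption: both exports were normalised beforehand to primary SMTP addresses,
# because on-premises and Exchange Online report trustees in different formats.
function Compare-HybridSendAs {
    param([object[]] $OnPremises = @(), [object[]] $ExchangeOnline = @())
    # One case-insensitive key per grant: "mailbox|trustee"
    $key = { ('{0}|{1}' -f "$($_.Mailbox)".Trim(), "$($_.Trustee)".Trim()).ToLowerInvariant() }
    $onPrem = @($OnPremises | ForEach-Object $key | Sort-Object -Unique)
    $cloud = @($ExchangeOnline | ForEach-Object $key | Sort-Object -Unique)
    # The guidance above is to add SendAs on both sides, so a one-sided grant is a gap
    $gaps = @($onPrem | Where-Object { $cloud -notcontains $_ } | ForEach-Object { $_ + '|ExchangeOnline' })
    $gaps += @($cloud | Where-Object { $onPrem -notcontains $_ } | ForEach-Object { $_ + '|OnPremises' })
    foreach ($gap in $gaps) {
        $mailbox, $trustee, $side = $gap -split '\|'
        [pscustomobject]@{ Mailbox = $mailbox; Trustee = $trustee; MissingIn = $side }
    }
}

# Constructed sample exports; note the differing letter case on the matching grant
$onPremGrants = @(
    [pscustomobject]@{ Mailbox = 'MySharedMailbox1@example.com'; Trustee = 'admin@example.com' }
    [pscustomobject]@{ Mailbox = 'MySharedMailbox1@example.com'; Trustee = 'user1@example.com' }
)
$cloudGrants = @(
    [pscustomobject]@{ Mailbox = 'mysharedmailbox1@example.com'; Trustee = 'Admin@example.com' }
    [pscustomobject]@{ Mailbox = 'MySharedMailbox1@example.com'; Trustee = 'user2@example.com' }
)
Compare-HybridSendAs -OnPremises $onPremGrants -ExchangeOnline $cloudGrants | Format-Table -AutoSize
```

A grant that shows up only in Exchange Online is also worth checking against change records, since it was added outside the on-premises process.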

Enabling ACLable and Permissions in a Hybrid Deployment

To check if ACLable is enabled at the organizational level, use the following. It's better to enable this option at the organization level instead of enabling it on each user.

PS C:\> Get-OrganizationConfig | Format-Table Name,ACLableSyncedObjectEnabled

Name                   ACLableSyncedObjectEnabled
----                   --------------------------
farismalaeb.com                      False

ACLable can be enabled by using

Set-OrganizationConfig -ACLableSyncedObjectEnabled $True

If you want to enable ACLable on a single mailbox, you can use the following

Set-RemoteMailbox -Identity MySharedMailbox1 -ACLableSyncedObjectEnabled

Make sure to run ADSync synchronization to replicate the changes to Exchange Online.

Conclusion

In this post we took a look at how to grant permission on Exchange Online shared mailboxes and how to manage some configuration that enhances the collaboration between members; we also covered how to configure permissions in a hybrid deployment. I hope you enjoy this post.

Looking for other things to learn about Exchange Online and PowerShell? Have a look at Handling Exchange Online Quarantine Message Using PowerShell.
