Skip to content

Manage Shared Mailbox with PowerShell | Office 365

In this article, you will learn how to manage PowerShell commands to create a shared mailbox in Office 365. Also, you will assign different permissions to this new shared mailbox. We will show you to convert a shared mailbox to a regular mailbox and the other way around. Use PowerShell to get a list of all shared mailboxes in Office 365.

Microsoft 365 mailbox types

There are four different mailbox types in Microsoft 365:

In this article, we will cover how to manage the shared mailbox with PowerShell.

Connect to Exchange Online PowerShell

To be able to run the PowerShell commands, you will need to Connect to Exchange Online PowerShell.

Connect-ExchangeOnline

1. Create new Shared Mailbox

A shared mailbox is a special type of Exchange mailbox. To inform Exchange that we want to create a Shared mailbox type, we use the parameter -Shared.

Create new Shared Mailbox

PowerShell command syntax:

New-Mailbox -Name "Shared Mailbox Name" -Shared

Use the below PowerShell command example.

New-Mailbox -Name "Info Box" -Shared

The PowerShell output shows the new shared mailbox you created.

PS C:\> New-Mailbox -Name "Info Box" -Shared

Name                      Alias           Database                       ProhibitSendQuota   
----                      -----           --------                       -----------------   
Info Box                  InfoBox         EURPR02DG504-db416             49.5 GB (53,150,2...

Read more: Bulk create shared mailboxes with PowerShell »

Create new Shared Mailbox with Alias and Email Address

In this part, we will show you how to create a new shared mailbox where you can choose your Alias and Email address.

PowerShell command syntax:

New-Mailbox -Name "Shared Mailbox Name" -Alias "Alias" –Shared -PrimarySmtpAddress "Email Address"

Use the below PowerShell command example.

New-Mailbox -Name "Info Box2" -Alias "Info2" –Shared -PrimarySmtpAddress "InfoTest@m365info.com"

The PowerShell output shows the new Shared Mailbox with a different Alias and Email address.

PS C:\> New-Mailbox -Name "Info Box2" -Alias "Info2" –Shared -PrimarySmtpAddress "InfoTest@m365info.com"

Name                      Alias           Database                       ProhibitSendQuota   
----                      -----           --------                       -----------------   
Info Box2                 Info2           EURPR02DG187-db101             49.5 GB (53,150,2...

After running both commands, you will find the new shared mailboxes in Microsoft 365 admin center.

  1. Sign in to Microsoft 365 admin center
  2. Click on Users > Active users
Create new Shared Mailbox with own Alias and Emailadress

2. Manage permissions to Shared Mailbox

Full Access permissions and AutoMap feature

When we assign a user Full Access permission to another user’s mailbox (such as Shared Mailbox in our example), the mailbox is automatically added to the user’s Outlook mail profile. This feature is described as AutoMap.

In some scenarios, we need to disable the option of AutoMap. We want to enable a specific user Full Access permission to multiple shared mailboxes. Still, we don’t want these shared mailboxes to add to the specific user’s Outlook profile automatically.

In this case, we can add the PowerShell parameter –AutoMapping with the value $False.

Assign Full Access permission for Shared Mailbox + AutoMap

In this step, we want to assign a specific user with Full Access rights to a shared mailbox we created earlier.

PowerShell command syntax:

Add-MailboxPermission "Shared Mailbox" -User "Mail Recipient" -AccessRights FullAccess -InheritanceType All

Use the below PowerShell command example.

Add-MailboxPermission "Info Box" -User "Brenda Smith" -AccessRights FullAccess -InheritanceType All

Assign Full Access permission for Shared Mailbox + NO AutoMap

Use the below PowerShell command example.

Add-MailboxPermission "Info Box" -User "Brenda Smith" -AccessRights FullAccess -InheritanceType All –AutoMapping $False

The PowerShell output shows that you successfully assigned Full Access rights to the specific user.

PS C:\> Add-MailboxPermission "Info Box" -User "Brenda Smith" -AccessRights FullAccess -InheritanceType All –AutoMapping $False

Identity             User                 AccessRights                       IsInherited Deny 
--------             ----                 ------------                       ----------- ---- 
Info Box             S-1-5-21-70143928... {FullAccess}                       False       False

Bulk assign Full Access permission for Shared Mailbox + NO AutoMap

Use the below PowerShell command to assign Full Access permission for a specific user for all shared mailboxes.

Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailbox")' | Add-MailboxPermission -User "Brenda Smith" -AccessRights FullAccess -InheritanceType All -AutoMapping $False

The PowerShell output will look like the example below.

PS C:\> Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailbox")' | Add-MailboxPermission -User "Brenda Smith" -AccessRights FullAccess -InheritanceType all -AutoMapping $False

Identity             User                 AccessRights                       IsInherited Deny 
--------             ----                 ------------                       ----------- ---- 
Info Box             S-1-5-21-70143928... {FullAccess}                       False       False
Info Box2            S-1-5-21-70143928... {FullAccess}                       False       False

If you already have assigned Full Access rights of the same user to one or more shared mailboxes, you will get a warning. The PowerShell output shows that this user already has Full Acces rights to the shared mailbox.

WARNING: The appropriate access control entry is already present on the object

Full Access permissions to a group and the AutoMap feature

When we assign Full Access permission to a group, the AutoMap feature is not activated. This is because the Full Access permission is granted to the group object, not the user object (group members).

In this case, we need to instruct each of the group members how to add the additional mailbox manually for the Exchange mailbox, to which they have Full Access permission.

To avoid this default behavior, we can use a little trick using a PowerShell command.

The PowerShell command will extract group members to a user list and assign Full Access permission separately for each user (each of the group members).

Assign Full Access permission for each group member

PowerShell command syntax:

$DL = Get-DistributionGroupMember "Group Name" | Select-Object -ExpandProperty Name
foreach ($Member in $DL) {
    Add-MailboxPermission -Identity "Shared Mailbox" -User $Member -AccessRights 'FullAccess' -InheritanceType All
}

PowerShell command example:

$DL = Get-DistributionGroupMember "helpdesk@m365info.com" | Select-Object -ExpandProperty Name
foreach ($Member in $DL) {
    Add-MailboxPermission -Identity "infobox@m365info.com" -User $Member -AccessRights 'FullAccess' -InheritanceType All
}

Assign Send As permission for Shared Mailbox

PowerShell command syntax:

Add-RecipientPermission "Shared Mailbox" -Trustee "Mail Recipient" -AccessRights SendAs -confirm:$False

Use the below PowerShell example to assign Send As permission for a single shared mailbox.

Add-RecipientPermission "Info Box" -Trustee "Brenda Smith" -AccessRights SendAs -confirm:$False

The PowerShell output will look like the below example.

PS C:\> Add-RecipientPermission "Info Box" -Trustee "Brenda Smith" -AccessRights SendAs -confirm:$False

Identity Trustee                              AccessControlType AccessRights Inherited
-------- -------                              ----------------- ------------ ---------
Info Box d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Allow             {SendAs}     False    

Bulk assign Send As permission for all Shared Mailboxes

You can also assign Send As permission for a specific user to all shared mailboxes in one PowerShell command.

Use the below PowerShell command example.

Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailbox")' | Add-RecipientPermission -Trustee "Brenda Smith" -AccessRights SendAs -confirm:$False

After you run the above command, the PowerShell output example looks like this.

PS C:\> Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailbox")' | Add-RecipientPermission -Trustee "Brenda Smith" -AccessRights SendAs -confirm:$False

Identity  Trustee                              AccessControlType AccessRights Inherited
--------  -------                              ----------------- ------------ ---------
Info Box  d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Allow             {SendAs}     False    
Info Box2 d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Allow             {SendAs}     False    

If you already have assigned Send As permission of the same user to one or more shared mailboxes, you will get a warning. The PowerShell output shows that this user already has Full Access rights to the shared mailbox.

WARNING: The appropriate access control entry is already present on the object

Assign permissions to the Shared Mailbox Calendar

To view the permissions of a specific mailbox folder, such as the Calendar folder, we need to use a syntax in which we define the mailbox name + the specific Folder name.

You can find the calendar name by running the Get-MailboxFolderStatistics cmdlet.

Get-Mailbox -Identity "Info Box" | Get-MailboxFolderStatistics -FolderScope Calendar | ft Identity,Name

Given that the Exchange mailbox is in the English language (defined as MailboxRegionalConfiguration), the calendar folder name we use is “Calendar”. If the Exchange mailbox uses a different Mailbox Regional Configuration, we will need to write the calendar folder name respectively.

Assign Publishing Editor permission to Shared Mailbox Calendar

PowerShell command example:

Add-MailboxFolderPermission –Identity "Info Box:\Calendar" -AccessRight PublishingEditor -User "Brenda Smith"

View various types of Mailbox permissions

View information about Full Acces and Send As permission

The default output of both these PowerShell commands shows redundant information that makes it difficult to understand the Exchange mailbox permissions clearly. For this reason, we will filter and remove redundant information.

View FULL ACCESS permissions for Shared Mailbox

PowerShell command example

Get-MailboxPermission "Info Box" | Where-Object { ($_.IsInherited -eq $False) -and -not ($_.User -like "NT AUTHORITY\SELF") } | Select-Object Identity, user, AccessRights

View SEND AS permissions for Shared Mailbox

PowerShell command example:

Get-RecipientPermission "Info Box" | Where-Object {($_.IsInherited -eq $False) -and -not ($_.Trustee -like "NT AUTHORITY\SELF") } | Select-Object Trustee, AccessRights

View Calendar permissions for Shared Mailbox

PowerShell command example:

Get-MailboxFolderPermission -Identity "Info Box:\Calendar" | ft Identity,FolderName,User,AccessRights

Remove permissions – Shared Mailbox

Remove FULL ACCESS permissions for Shared Mailbox

PowerShell command syntax:

Remove-MailboxPermission "Shared Mailbox" -AccessRights "The type of permissions" -User "Recipient"

PowerShell command example:

Remove-MailboxPermission "Info Box" -AccessRights FullAccess -User "Brenda Smith"

Remove SEND AS permissions for Shared Mailbox

PowerShell command syntax:

Remove-RecipientPermission "Shared Mailbox" -AccessRights "The type of permissions" -Trustee "Recipient"

PowerShell command example:

Remove-RecipientPermission "Info Box" -AccessRights SendAs -Trustee "Brenda Smith"

Remove Publishing Editor permissions to the Shared Mailbox Calendar

PowerShell command syntax:

Remove-MailboxFolderPermission "Shared Mailbox:\Calendar" -User "Identity"

PowerShell command example:

Remove-MailboxFolderPermission "Info Box:\Calendar" -User "Brenda Smith"

3. Convert Mailbox

A Shared mailbox can be converted to a regular Exchange mailbox and vice versa.

When we convert a Shared mailbox to a User mailbox (regular Exchange mailbox), we must assign an Office 365 license to the converted mailbox.

Convert Regular mailbox to Shared mailbox

PowerShell command syntax:

Set-Mailbox "User Mailbox" -Type Shared

PowerShell command example:

Set-Mailbox "Brenda Smith" -Type Shared

Read more: Convert user mailbox to shared mailbox »

Convert Shared Mailbox to Regular Mailbox

PowerShell command syntax:

Set-Mailbox "Shared Mailbox" -Type Regular

PowerShell command example:

Set-Mailbox "Info Box" -Type Regular

Read more: Convert shared mailbox to user mailbox »

4. Shared Mailbox specific settings

Set Shared mailbox size to 10 GB

PowerShell command syntax:

Set-Mailbox "Shared Mailbox" -ProhibitSendReceiveQuota "Size" -ProhibitSendQuota "Size" -IssueWarningQuota "Size"

PowerShell command example:

Set-Mailbox "Info Box" -ProhibitSendReceiveQuota 10GB -ProhibitSendQuota 9.75GB -IssueWarningQuota 9.5GB

Set Shared Mailbox to “Save a copy of sent mail items” when using Send As permissions

Define the behavior of Shared mailbox and Sent items folder

In a scenario in which we assign the SEND AS permissions to a recipient on a Shared mailbox, when the recipient sent an email on behalf of the Shared mailbox (using his SEND AS permissions) the mail that was sent, will be saved by default, in the Shared mailbox “Sent Items” but a copy of the sent mail, will not save in the mailbox of recipient.

To change this default behavior, we can use the PowerShell parameter -MessageCopyForSentAsEnabled.

PowerShell command example:

Set-Mailbox "Info Box" -MessageCopyForSentAsEnabled $True

View Shared Mailbox “Save a copy of sent mail items” settings

PowerShell command example:

Get-Mailbox "Info Box" | Format-List Alias, MessageCopy*

Read more: How to save sent items in shared mailbox »

5. Export information about Shared Mailbox

Get a list of existing Shared mailboxes

Use the PowerShell command to get a list of all shared mailboxes.

Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailbox")' | Select-Object DisplayName,Alias,RecipientTypeDetails,PrimarySmtpAddress

The PowerShell output looks like the below example.

PS C:\> Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailbox")' | Select-Object DisplayName,Alias,RecipientTypeDetails,PrimarySmtpAddress

DisplayName Alias   RecipientTypeDetails PrimarySmtpAddress   
----------- -----   -------------------- ------------------   
Info Box    InfoBox SharedMailbox        InfoBox@m365info.com 
Info Box2   Info2   SharedMailbox        InfoTest@m365info.com

Export a list of existing Shared Mailboxes to CSV file

You can export information about all the existing shared mailboxes to a single CSV file. This way, you can easily search for the different shared mailboxes.

PowerShell command example:

Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailbox")' | Select-Object DisplayName,Alias,RecipientTypeDetails,PrimarySmtpAddress | Export-CSV C:\temp\"Shared Mailboxes Info.CSV" –NoTypeInformation -Encoding UTF8

Once you export the information, you can find the CSV file in the C:\temp folder.

Open the CSV file with an application like Microsoft Excel to see the results.

Manage Office 365 Shared Mailbox with PowerShell to CSV file information

6. Delete Shared Mailbox

You can easily soft delete a specific shared mailbox with PowerShell. It means the deleted shared mailbox will stay in the Azure AD recycle bin for 30 days before it is permanently deleted. You can restore deleted shared mailboxes in Manage Microsoft 365 users recycle bin.

Soft delete Shared Mailbox

You can soft delete a single shared mailbox.

PowerShell command syntax:

Remove-Mailbox -Identity "Shared Identity" -Confirm:$false

PowerShell command example:

Remove-Mailbox -Identity "Info Box" -Confirm:$false

Bulk soft delete Shared Mailbox

Use the below PowerShell command to bulk soft delete shared mailboxes.

Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailBox")' -ResultSize Unlimited | Remove-Mailbox -Confirm:$false

Hard delete Shared mailbox

If you want to hard delete a mailbox permanently, you need to go through a couple of steps. Read more about it in the article Force delete Microsoft 365 mailbox with PowerShell.

Did this help you to manage Office 365 Shared Mailbox with PowerShell?

Read more: Configure Catch all Mailbox in Microsoft 365 »

Conclusion

You learned how to create a new shared mailbox with PowerShell. You managed to assign and remove different permissions to a shared mailbox. It’s easy to convert a shared mailbox to a regular user mailbox and vice versa. Also, you can export information about all shared mailboxes to a CSV file with PowerShell.

Did you enjoy this article? You may also like Send email with Microsoft Graph PowerShell. Don’t forget to follow us and share this article.

o365info Team

o365info Team

This article was written by our team of experienced IT architects, consultants, and engineers.

This Post Has 13 Comments

  1. Hey. Great post. Thank you. I was wondering if there was a way to get the contacts of a shared mailbox on exchange. I need to update a couple of email out of contacts on a shared mailbox. Thank you for the information.
    Jeff

  2. Hey,

    Is there a way to extract the contact folder of a shared mailbox. I need to update the email part of a contact of a shared mailbox but I can’t find the option anywhere. Thank you for the help

  3. Hey there,
    Really great article. Is there a way to extract a shared mailbox contacts to be able to update the email part in them ??? I’m haveing a hard time figuring it out. Thank you

  4. Hi,
    i want to use the “Assign Full Access permissions for each group member” function. Is there a function to delete the full permissions from the mailbox when the user not in the security group anymore?

  5. great site and blog thanks. we use it heavily to help us implement Office 365 for our clients. even with Micrsoft Partner support this is more helpful… (they are terrible!)

  6. great instructions thanks. compared to technet this is a breeze! thank god there’s sites like this to show us how to use microsoft systems… microsoft cant!

  7. I keep getting an error when trying to apply the trick to apply the rights to the distribution group. I keep getting an error stating that “Unexpected token ‘in’ in expression or statement.

  8. Hi,

    Thank you for a great article. I’ve been struggling with Shared mailboxes, and this article has everything I need.

    Could you explain what the AutoMAP function is?

    Thank you.

    Martin Robson

    1. Hello Martin

      Regarding your question about the “AutoMap”:

      The AutoMap feature is implemented in the following way: when you assign a “Full Access” permission to user object (for other user Mailbox), the user Mailbox is automatically appears in the user Outlook mail profile.

      When we assign “Full Access” permission to group (instead of specific user), the AutoMap feature is not implemented, and by default, we will need to add the shared Mailbox manually to each of the group members.

      To avoid this operation, we use a little “trick”: before we assign the permission we “extract” each of the group member name (by using the command “ExpandProperty”) and assign the “Full Access” permission separately for each member. Using this option, we are able to use the AutoMap feature when assigning permission to group.

      1. ….which is the same as just adding a number of different Mailboxes with Full Access rights, so the security group -idea is futile.

        How would one remove access rights in your “trick”?

Leave a Reply

Your email address will not be published. Required fields are marked *