Top

Manage Mailbox Permissions by using PowerShell | Office 365 5/5 (3) 7 min read

Manage Mailbox Permissions by using PowerShell | Office 3657 min read

In the current article, we will review how to use the PowerShell commands for managing full access mailbox permission in Exchange Online environment.

Mailbox permission includes two categories:

  1. Full Access Permissions- Enable another recipient to see all of the mailbox content.
  2. Permission to send email using another recipient name (“Send As” and “Send on Behalf” ).

Some of the Mailbox permission can be assigned by the user himself (by using the Outlook or OWA interface) and the permissions to send email, using another recipient name, could only be allocated by using the PowerShell interface.

The considerable advantage of using PowerShell for managing Mailbox Permissions is that the administrator can remotely create the required setting for the user (assist users and prevent miss configurations) and using the power of the PowerShell, to execute commands in Bulk Mode (execute configuration settings for more than one Mailbox).

PowerShell | Help & additional information

In case that you are a novice in the PowerShell environment, you can use the following link to get more information about the “first steps” such as: downloading the required PowerShell
software components, how to use the PowerShell console, running a PowerShell script, etc.

Read more
Link Table
PowerShell Naming Conventions & general information

If you want to get more information about the Naming Conventions that we use for this article and get some general tips about: how to work with the PowerShell, read the article: Help and additional information – o365info.com PowerShell articles

Create remote PowerShell session

Before we can use the required PowerShell commands, we need to download and install the Office 365 cmdlets + create remote PowerShell session to Office 365 or Exchange Online. If you need more information about how to create a remote PowerShell session read the following articles: Part 2: Connect to Office 365 by using Remote PowerShell and Part 3: Connect to Exchange Online by using Remote PowerShell

How to use a PowerShell script

Most of the PowerShell articles include a PowerShell script that simplifies the use of the PowerShell commands. If you want to get more information about: How to use a PowerShell script, read the article: Connect to Office 365 and Exchange Online using a script

PowerShell command and Script languish in more details

If you are new to the PowerShell world, you can read more information about PowerShell in Office 365 environment in the article: The Power of PowerShell


Mailbox permissions PowerShell commands basic structure

The basic structure of the PowerShell mailbox permissions command, is written by using the following syntax:

Mailbox permissions PowerShell command basic structure-03

In our example, we want to enable Alice to get Full Access permission to hear manager mailbox. The -Identity parameter, relates to the user who wants to “share” his mailbox (provide other users the option to access the content of his mailbox) and the –User parameter, represent the user who will get the access to the mailbox.

1. Assign Mailbox Permissions

1.1 – Assign “Full Access” permissions for a Mailbox

PowerShell command Syntax

PowerShell command Example

Assign “Send As” Permissions for a Mailbox

Send As permissions logic -01

1.2 – Assign “Send As” Permissions for a Mailbox

PowerShell command Syntax

PowerShell command Example

Adjustments & Improvements
To avoid the need for confirmation, we can add the option: “-Confirm:$False”

1.3 – Assign “Send As” Permissions for a ALL Mailbox’s (BulkMode)

PowerShell command Syntax

PowerShell command Example

1.4 – Assign “Send As” Permissions for recipient for each member in a distribution group

PowerShell command Syntax

PowerShell command Example

1.5 – Assign “Send As” Permissions for each member in a distribution group for a specific recipient

PowerShell command Syntax

PowerShell command Example

1.6 – Assign “Send on Behalf” Permissions for a Mailbox

PowerShell command Syntax

PowerShell command Example

1.7 – Assign “Full Access” permissions for all Mailboxes (BulkMode)

PowerShell command Syntax

PowerShell command Example


2. Assign Full Access Permissions and AutoMap

2.1 – Assign “Full Access” permissions to Distribution Group + AutoMap

PowerShell command Syntax

PowerShell command Example

Additional reading

2.2 – Assign “Full Access” permissions for all Mailboxes (BulkMode) and Disable AutoMap

PowerShell command Syntax

PowerShell command Example

2.3 – Assign “Full Access” permissions for Specific User and Disable AutoMap

PowerShell command Syntax

PowerShell command Example


3. Display permissions for a Mailbox

3.1 – Display “Full Access” Permissions for a Mailbox

PowerShell command Syntax

PowerShell command Example

Adjustments & Improvements
For improving the quality of the output we can use an additional PowerShell parameter that will “clean” the unnecessary information:

3.3 – Display “Send As” permission for a Mailbox

PowerShell command Syntax

PowerShell command Example

Adjustments & Improvements
For improving the quality of the output we can use an additional PowerShell parameter that will “clean” the unnecessary information:

3.3 – Display “Send On Behalf” Permissions for Mailbox

PowerShell command Syntax

PowerShell command Example

Adjustments & Improvements
For improving the quality of the output we can use an additional PowerShell parameter that will “clean” the unnecessary information:

3.4 – View all “Send As permissions” you’ve configured in your organization

PowerShell command Syntax

3.5 – Display a list of recipient’s that have FULL ACCESS permission on other recipient’s

PowerShell command Syntax


4. Revoke Permissions

4.1 – Revoke “Full Access” Permissions

PowerShell command Syntax

PowerShell command Example

Adjustments & Improvements
To avoid the need for confirmation, we can add the option: “-Confirm:$False”

4.2 – Revoke “Send As” Permissions

PowerShell command Syntax

PowerShell command Example

Adjustments & Improvements
To avoid the need for confirmation, we can add the option: “-Confirm:$False”

PowerShell command syntax – Office 365 | Article series index

Now it’s Your Turn!
It is important for us to know your opinion on this article

Summary
Manage Mailbox Permissions by using PowerShell | Office 365
Article Name
Manage Mailbox Permissions by using PowerShell | Office 365
Description
In the current article, we will review how to use the PowerShell commands for managing full access mailbox permission in Exchange Online environment.
Author
Publisher Name
o365info.com
Publisher Logo

Please rate this

[email protected]

Share your knowledge. It’s a way to achieve immortality. Dalai Lama

16 Comments
  • Anonymous
    10/10/2012 at 12:46 am

    Useful collection of PS cmds. Thanks O365info!

    • Ігор Коваль
      10/01/2013 at 6:02 am

      Hi,

      Many thanks for the article, very helpful.
      I have one question.
      In my company we are using GMB (Generic Mailbox) for information exchange. People have access Full Access to it, also they should have Send on Behalf Of access. To simplify access, I have created Distribution List(DL), and include this DL as “Full Access” member of the GMB(with this everything is fine). I have tried to include DL into GMB Send on Behalf Of, but it didn’t find my DL via EMC. I have tried to do it via EMS, but my attempt failed.
      My command:
      Set-Mailbox -Identity “Name of GMB”-GrantSendOnBehalfTo “Name of DL”

      Could you please advise on this issue? What should I do?

      Thank you

    • edoron777
      10/01/2013 at 1:15 pm

      Hello Irop
      The answer is that you should configure the Group (the DL) as a security group. In Exchange Online environment, you can create the security group form the Exchange Online Web management. The security group is configured automatically as mail enabled group and from the user point of view serve as a “standard distribution group”. The different between security mail enabled security group verses standard distribution group is that you cannot assign permission to distribution group. In case that you try to assign send as permission to standard distribution group (using PowerShell) you will get error such as: “User or group “DL NAME” wasn’t found. Please make sure you’ve typed it correctly.”

  • Anonymous
    11/16/2012 at 8:44 am

    Hi, in lieu of public folders being rolled out in o365, we are using a user’s mailbox as the storage area for our numerous sub-folders. We have granted the permissions using Outlook, but are experiencing problems with this – folders are not always visible even though the permissions haven’t changed (new folders/sub-folders being created and inheriting the properties of the one above). It has been suggested in the o365 community that I set the permissions using PowerShell. Are you able to assist me with the relevant commands please? I do not want to grant open access to this user’s Inbox, just to the sub-folders of that Inbox where our shared emails are stored.

    Many thanks.

  • Eyal Doron
    11/16/2012 at 4:17 pm

    I try to read some information about your request.
    I have found an article (http://community.office365.com/en-us/forums/160/p/43423/147639.aspx), that suggest using the option of “Recurse”, by using the following PowerShell command
    Get-MailboxFolder –Identity : -Recurse | Add-MailboxFolderPermission -User -AccessRights Owner
    By using this option, the permission that you assign to the “parent folder” will be inherited to all of the “Child Folder” in any level.
    I little fact that was not mentioned is that to be able to use this PowerShell command you will need to create the remote PowerShell session by using the user credentials that you need to assign the permission to his folder (login as “user1” in our example)
    (You can read more information at the following link: http://technet.microsoft.com/en-us/library/dd351164.aspx )
    Generally speaking, it’s not so obvious to use a “user mailbox” to mimic the concept of a public folder.
    The next version of office 365 and Exchange online will include support in the Public folder, so maybe it’s worth to wait for a while

  • Abhisheck2.0
    02/27/2013 at 10:25 am

    How to remove send on behalf permission using the script???

  • Anonymous
    04/24/2013 at 9:27 am

    congratulations and thanks for this very useful site.

  • Anonymous
    09/23/2013 at 6:44 am

    How can I get an email address (kind of UserPrincipalName) instead of User ?

    I use the cmdlet get-mail $_.user | select UserPrincipalName in a foreach but it is very very so long. Any other idea ?

    Thank you so much.

  • Abdul Hamid Ansari
    12/07/2013 at 11:29 am

    thanks for all that but i want two give read only permission to two user in one time on single mailbox means i use one powershell comand

  • Abdul Hamid Ansari
    12/07/2013 at 11:30 am

    how to give permission to 2 or 3 user for read only access a single mailbox i want to know what command i can use for same .

  • Michael
    03/02/2015 at 11:42 pm

    Wanted to say thanks so much for this… I am not the best with powershell yet, and this helps alot. is there away you can edit to add a user to a distribution list / group, Ie what list would you like this user added to? Scans, users ? Joe.

  • Usman
    03/26/2015 at 9:06 am

    Hi,

    Consider scenario where we have 2 users with same name “Simon Walker”, UPN: [email protected], [email protected]” in an organization, both have permission “Full Access” on Sales mailbox. Now we want to remove permission for [email protected].

    The Get-MailboxPermission will return DisplayName of user who has permission not DistinguishedName as in Exchange 2013 on-premises server that can be used to remove user easily as one do not have to remember UPN.

    How to get UPN or DistinguishedName of user who has permission on a particular Mailbox using Get-MailboxPermission?

    Regards,

    Usman

  • Ankit Jaiswal
    07/21/2016 at 9:33 pm

    Awesome Blogs and PS cmdlets with explanation
    Thanks for usefull info…
    Keep it up!!

  • scott S
    10/28/2016 at 9:05 pm

    I’m having an issue setting the Clutter setting on a new mailbox, sometimes it can take over a hour before it will let me set the setting?

  • Daniel Potter
    01/11/2017 at 6:48 pm

    Any idea why the accessrights switch is a multivalued property but only accepts sendas? The idea that sendas,sendonbehalf,fullaccess are stored in different areas is maddening.

  • Ryan Chau
    02/13/2018 at 7:45 pm

    Great article.

    However.
    Original from the article: $DL = Get-DistributionGroupMember “Assistants Group” | Select-Object -ExpandProperty Name
    ForEach ($Member in $DL )
    {
    Add-MailboxPermission -Identity “FL1 Room1”  -User $S -AccessRights FullAccess -InheritanceType All
    }

    Should it be? ($S will be replace $Member)

    $DL = Get-DistributionGroupMember “Assistants Group” | Select-Object -ExpandProperty Name
    ForEach ($Member in $DL )
    {
    Add-MailboxPermission -Identity “FL1 Room1”  -User $Member -AccessRights FullAccess -InheritanceType All
    }

Post a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Read previous post:
Disable Access to Service (protocol ) by using PowerShell | Office 365

In the current article, we review of to use the PowerShell cmdletsSet-CASMailbox that is used for disabling (or enable) access...

Close