Users can change or add their profile photos in Microsoft apps, such as Outlook, OWA,…
Manage Shared Mailbox with PowerShell | Office 365
In this article, you will learn how to manage PowerShell commands to create a shared mailbox in Office 365. Also, you will assign different permissions to this new shared mailbox. We will show you to convert a shared mailbox to a regular mailbox and the other way around. Use PowerShell to get a list of all shared mailboxes in Office 365.
Table of contents
Microsoft 365 mailbox types
There are four different mailbox types in Microsoft 365:
- User mailbox
- Shared mailbox
- Room mailbox
- Equipment mailbox
In this article, we will cover how to manage the shared mailbox with PowerShell.
Connect to Exchange Online PowerShell
To be able to run the PowerShell commands, you will need to Connect to Exchange Online PowerShell.
Connect-ExchangeOnline
1. Create new Shared Mailbox
A shared mailbox is a special type of Exchange mailbox. To inform Exchange that we want to create a Shared mailbox type, we use the parameter -Shared.
Create new Shared Mailbox
PowerShell command syntax:
New-Mailbox -Name "Shared Mailbox Name" -Shared
Use the below PowerShell command example.
New-Mailbox -Name "Info Box" -Shared
The PowerShell output shows the new shared mailbox you created.
PS C:\> New-Mailbox -Name "Info Box" -Shared
Name Alias Database ProhibitSendQuota
---- ----- -------- -----------------
Info Box InfoBox EURPR02DG504-db416 49.5 GB (53,150,2...
Read more: Bulk create shared mailboxes with PowerShell »
Create new Shared Mailbox with Alias and Email Address
In this part, we will show you how to create a new shared mailbox where you can choose your Alias and Email address.
PowerShell command syntax:
New-Mailbox -Name "Shared Mailbox Name" -Alias "Alias" –Shared -PrimarySmtpAddress "Email Address"
Use the below PowerShell command example.
New-Mailbox -Name "Info Box2" -Alias "Info2" –Shared -PrimarySmtpAddress "InfoTest@m365info.com"
The PowerShell output shows the new Shared Mailbox with a different Alias and Email address.
PS C:\> New-Mailbox -Name "Info Box2" -Alias "Info2" –Shared -PrimarySmtpAddress "InfoTest@m365info.com"
Name Alias Database ProhibitSendQuota
---- ----- -------- -----------------
Info Box2 Info2 EURPR02DG187-db101 49.5 GB (53,150,2...
After running both commands, you will find the new shared mailboxes in Microsoft 365 admin center.
- Sign in to Microsoft 365 admin center
- Click on Users > Active users
2. Manage permissions to Shared Mailbox
Full Access permissions and AutoMap feature
When we assign a user Full Access permission to another user’s mailbox (such as Shared Mailbox in our example), the mailbox is automatically added to the user’s Outlook mail profile. This feature is described as AutoMap.
In some scenarios, we need to disable the option of AutoMap. We want to enable a specific user Full Access permission to multiple shared mailboxes. Still, we don’t want these shared mailboxes to add to the specific user’s Outlook profile automatically.
In this case, we can add the PowerShell parameter –AutoMapping with the value $False.
Assign Full Access permission for Shared Mailbox + AutoMap
In this step, we want to assign a specific user with Full Access rights to a shared mailbox we created earlier.
PowerShell command syntax:
Add-MailboxPermission "Shared Mailbox" -User "Mail Recipient" -AccessRights FullAccess -InheritanceType All
Use the below PowerShell command example.
Add-MailboxPermission "Info Box" -User "Brenda Smith" -AccessRights FullAccess -InheritanceType All
Assign Full Access permission for Shared Mailbox + NO AutoMap
Use the below PowerShell command example.
Add-MailboxPermission "Info Box" -User "Brenda Smith" -AccessRights FullAccess -InheritanceType All –AutoMapping $False
The PowerShell output shows that you successfully assigned Full Access rights to the specific user.
PS C:\> Add-MailboxPermission "Info Box" -User "Brenda Smith" -AccessRights FullAccess -InheritanceType All –AutoMapping $False
Identity User AccessRights IsInherited Deny
-------- ---- ------------ ----------- ----
Info Box S-1-5-21-70143928... {FullAccess} False False
Bulk assign Full Access permission for Shared Mailbox + NO AutoMap
Use the below PowerShell command to assign Full Access permission for a specific user for all shared mailboxes.
Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailbox")' | Add-MailboxPermission -User "Brenda Smith" -AccessRights FullAccess -InheritanceType All -AutoMapping $False
The PowerShell output will look like the example below.
PS C:\> Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailbox")' | Add-MailboxPermission -User "Brenda Smith" -AccessRights FullAccess -InheritanceType all -AutoMapping $False
Identity User AccessRights IsInherited Deny
-------- ---- ------------ ----------- ----
Info Box S-1-5-21-70143928... {FullAccess} False False
Info Box2 S-1-5-21-70143928... {FullAccess} False False
If you already have assigned Full Access rights of the same user to one or more shared mailboxes, you will get a warning. The PowerShell output shows that this user already has Full Acces rights to the shared mailbox.
WARNING: The appropriate access control entry is already present on the object
Full Access permissions to a group and the AutoMap feature
When we assign Full Access permission to a group, the AutoMap feature is not activated. This is because the Full Access permission is granted to the group object, not the user object (group members).
In this case, we need to instruct each of the group members how to add the additional mailbox manually for the Exchange mailbox, to which they have Full Access permission.
To avoid this default behavior, we can use a little trick using a PowerShell command.
The PowerShell command will extract group members to a user list and assign Full Access permission separately for each user (each of the group members).
Assign Full Access permission for each group member
PowerShell command syntax:
$DL = Get-DistributionGroupMember "Group Name" | Select-Object -ExpandProperty Name
foreach ($Member in $DL) {
Add-MailboxPermission -Identity "Shared Mailbox" -User $Member -AccessRights 'FullAccess' -InheritanceType All
}
PowerShell command example:
$DL = Get-DistributionGroupMember "helpdesk@m365info.com" | Select-Object -ExpandProperty Name
foreach ($Member in $DL) {
Add-MailboxPermission -Identity "infobox@m365info.com" -User $Member -AccessRights 'FullAccess' -InheritanceType All
}
Assign Send As permission for Shared Mailbox
PowerShell command syntax:
Add-RecipientPermission "Shared Mailbox" -Trustee "Mail Recipient" -AccessRights SendAs -confirm:$False
Use the below PowerShell example to assign Send As permission for a single shared mailbox.
Add-RecipientPermission "Info Box" -Trustee "Brenda Smith" -AccessRights SendAs -confirm:$False
The PowerShell output will look like the below example.
PS C:\> Add-RecipientPermission "Info Box" -Trustee "Brenda Smith" -AccessRights SendAs -confirm:$False
Identity Trustee AccessControlType AccessRights Inherited
-------- ------- ----------------- ------------ ---------
Info Box d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Allow {SendAs} False
Bulk assign Send As permission for all Shared Mailboxes
You can also assign Send As permission for a specific user to all shared mailboxes in one PowerShell command.
Use the below PowerShell command example.
Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailbox")' | Add-RecipientPermission -Trustee "Brenda Smith" -AccessRights SendAs -confirm:$False
After you run the above command, the PowerShell output example looks like this.
PS C:\> Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailbox")' | Add-RecipientPermission -Trustee "Brenda Smith" -AccessRights SendAs -confirm:$False
Identity Trustee AccessControlType AccessRights Inherited
-------- ------- ----------------- ------------ ---------
Info Box d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Allow {SendAs} False
Info Box2 d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Allow {SendAs} False
If you already have assigned Send As permission of the same user to one or more shared mailboxes, you will get a warning. The PowerShell output shows that this user already has Full Access rights to the shared mailbox.
WARNING: The appropriate access control entry is already present on the object
Assign permissions to the Shared Mailbox Calendar
To view the permissions of a specific mailbox folder, such as the Calendar folder, we need to use a syntax in which we define the mailbox name + the specific Folder name.
You can find the calendar name by running the Get-MailboxFolderStatistics cmdlet.
Get-Mailbox -Identity "Info Box" | Get-MailboxFolderStatistics -FolderScope Calendar | ft Identity,Name
Given that the Exchange mailbox is in the English language (defined as MailboxRegionalConfiguration), the calendar folder name we use is “Calendar”. If the Exchange mailbox uses a different Mailbox Regional Configuration, we will need to write the calendar folder name respectively.
Assign Publishing Editor permission to Shared Mailbox Calendar
PowerShell command example:
Add-MailboxFolderPermission –Identity "Info Box:\Calendar" -AccessRight PublishingEditor -User "Brenda Smith"
View various types of Mailbox permissions
View information about Full Acces and Send As permission
- The PowerShell cmdlet Get-MailboxPermission displays Mailbox permission
- The PowerShell cmdlet Get-RecipientPermission displays Send As permission
The default output of both these PowerShell commands shows redundant information that makes it difficult to understand the Exchange mailbox permissions clearly. For this reason, we will filter and remove redundant information.
View FULL ACCESS permissions for Shared Mailbox
PowerShell command example
Get-MailboxPermission "Info Box" | Where-Object { ($_.IsInherited -eq $False) -and -not ($_.User -like "NT AUTHORITY\SELF") } | Select-Object Identity, user, AccessRights
View SEND AS permissions for Shared Mailbox
PowerShell command example:
Get-RecipientPermission "Info Box" | Where-Object {($_.IsInherited -eq $False) -and -not ($_.Trustee -like "NT AUTHORITY\SELF") } | Select-Object Trustee, AccessRights
View Calendar permissions for Shared Mailbox
PowerShell command example:
Get-MailboxFolderPermission -Identity "Info Box:\Calendar" | ft Identity,FolderName,User,AccessRights
Remove permissions – Shared Mailbox
Remove FULL ACCESS permissions for Shared Mailbox
PowerShell command syntax:
Remove-MailboxPermission "Shared Mailbox" -AccessRights "The type of permissions" -User "Recipient"
PowerShell command example:
Remove-MailboxPermission "Info Box" -AccessRights FullAccess -User "Brenda Smith"
Remove SEND AS permissions for Shared Mailbox
PowerShell command syntax:
Remove-RecipientPermission "Shared Mailbox" -AccessRights "The type of permissions" -Trustee "Recipient"
PowerShell command example:
Remove-RecipientPermission "Info Box" -AccessRights SendAs -Trustee "Brenda Smith"
Remove Publishing Editor permissions to the Shared Mailbox Calendar
PowerShell command syntax:
Remove-MailboxFolderPermission "Shared Mailbox:\Calendar" -User "Identity"
PowerShell command example:
Remove-MailboxFolderPermission "Info Box:\Calendar" -User "Brenda Smith"
3. Convert Mailbox
A Shared mailbox can be converted to a regular Exchange mailbox and vice versa.
When we convert a Shared mailbox to a User mailbox (regular Exchange mailbox), we must assign an Office 365 license to the converted mailbox.
Convert Regular mailbox to Shared mailbox
PowerShell command syntax:
Set-Mailbox "User Mailbox" -Type Shared
PowerShell command example:
Set-Mailbox "Brenda Smith" -Type Shared
Read more: Convert user mailbox to shared mailbox »
Convert Shared Mailbox to Regular Mailbox
PowerShell command syntax:
Set-Mailbox "Shared Mailbox" -Type Regular
PowerShell command example:
Set-Mailbox "Info Box" -Type Regular
Read more: Convert shared mailbox to user mailbox »
4. Shared Mailbox specific settings
Set Shared mailbox size to 10 GB
PowerShell command syntax:
Set-Mailbox "Shared Mailbox" -ProhibitSendReceiveQuota "Size" -ProhibitSendQuota "Size" -IssueWarningQuota "Size"
PowerShell command example:
Set-Mailbox "Info Box" -ProhibitSendReceiveQuota 10GB -ProhibitSendQuota 9.75GB -IssueWarningQuota 9.5GB
Set Shared Mailbox to “Save a copy of sent mail items” when using Send As permissions
Define the behavior of Shared mailbox and Sent items folder
In a scenario in which we assign the SEND AS permissions to a recipient on a Shared mailbox, when the recipient sent an email on behalf of the Shared mailbox (using his SEND AS permissions) the mail that was sent, will be saved by default, in the Shared mailbox “Sent Items” but a copy of the sent mail, will not save in the mailbox of recipient.
To change this default behavior, we can use the PowerShell parameter -MessageCopyForSentAsEnabled.
PowerShell command example:
Set-Mailbox "Info Box" -MessageCopyForSentAsEnabled $True
View Shared Mailbox “Save a copy of sent mail items” settings
PowerShell command example:
Get-Mailbox "Info Box" | Format-List Alias, MessageCopy*
Read more: How to save sent items in shared mailbox »
5. Export information about Shared Mailbox
Get a list of existing Shared mailboxes
Use the PowerShell command to get a list of all shared mailboxes.
Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailbox")' | Select-Object DisplayName,Alias,RecipientTypeDetails,PrimarySmtpAddress
The PowerShell output looks like the below example.
PS C:\> Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailbox")' | Select-Object DisplayName,Alias,RecipientTypeDetails,PrimarySmtpAddress
DisplayName Alias RecipientTypeDetails PrimarySmtpAddress
----------- ----- -------------------- ------------------
Info Box InfoBox SharedMailbox InfoBox@m365info.com
Info Box2 Info2 SharedMailbox InfoTest@m365info.com
Export a list of existing Shared Mailboxes to CSV file
You can export information about all the existing shared mailboxes to a single CSV file. This way, you can easily search for the different shared mailboxes.
PowerShell command example:
Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailbox")' | Select-Object DisplayName,Alias,RecipientTypeDetails,PrimarySmtpAddress | Export-CSV C:\temp\"Shared Mailboxes Info.CSV" –NoTypeInformation -Encoding UTF8
Once you export the information, you can find the CSV file in the C:\temp folder.
Open the CSV file with an application like Microsoft Excel to see the results.
6. Delete Shared Mailbox
You can easily soft delete a specific shared mailbox with PowerShell. It means the deleted shared mailbox will stay in the Azure AD recycle bin for 30 days before it is permanently deleted. You can restore deleted shared mailboxes in Manage Microsoft 365 users recycle bin.
Soft delete Shared Mailbox
You can soft delete a single shared mailbox.
PowerShell command syntax:
Remove-Mailbox -Identity "Shared Identity" -Confirm:$false
PowerShell command example:
Remove-Mailbox -Identity "Info Box" -Confirm:$false
Bulk soft delete Shared Mailbox
Use the below PowerShell command to bulk soft delete shared mailboxes.
Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailBox")' -ResultSize Unlimited | Remove-Mailbox -Confirm:$false
Hard delete Shared mailbox
If you want to hard delete a mailbox permanently, you need to go through a couple of steps. Read more about it in the article Force delete Microsoft 365 mailbox with PowerShell.
Did this help you to manage Office 365 Shared Mailbox with PowerShell?
Read more: Configure Catch all Mailbox in Microsoft 365 »
Conclusion
You learned how to create a new shared mailbox with PowerShell. You managed to assign and remove different permissions to a shared mailbox. It’s easy to convert a shared mailbox to a regular user mailbox and vice versa. Also, you can export information about all shared mailboxes to a CSV file with PowerShell.
Did you enjoy this article? You may also like Send email with Microsoft Graph PowerShell. Don’t forget to follow us and share this article.
Hey. Great post. Thank you. I was wondering if there was a way to get the contacts of a shared mailbox on exchange. I need to update a couple of email out of contacts on a shared mailbox. Thank you for the information.
Jeff
Hey,
Is there a way to extract the contact folder of a shared mailbox. I need to update the email part of a contact of a shared mailbox but I can’t find the option anywhere. Thank you for the help
Hey there,
Really great article. Is there a way to extract a shared mailbox contacts to be able to update the email part in them ??? I’m haveing a hard time figuring it out. Thank you
Hi,
i want to use the “Assign Full Access permissions for each group member” function. Is there a function to delete the full permissions from the mailbox when the user not in the security group anymore?
Can you give a user read-only access to a Shared Mailbox?
Thanks for this info. 🙂
great site and blog thanks. we use it heavily to help us implement Office 365 for our clients. even with Micrsoft Partner support this is more helpful… (they are terrible!)
great instructions thanks. compared to technet this is a breeze! thank god there’s sites like this to show us how to use microsoft systems… microsoft cant!
I keep getting an error when trying to apply the trick to apply the rights to the distribution group. I keep getting an error stating that “Unexpected token ‘in’ in expression or statement.
awsome article beats help.outlook.com thanks a lot 🙂
Hi,
Thank you for a great article. I’ve been struggling with Shared mailboxes, and this article has everything I need.
Could you explain what the AutoMAP function is?
Thank you.
Martin Robson
Hello Martin
Regarding your question about the “AutoMap”:
The AutoMap feature is implemented in the following way: when you assign a “Full Access” permission to user object (for other user Mailbox), the user Mailbox is automatically appears in the user Outlook mail profile.
When we assign “Full Access” permission to group (instead of specific user), the AutoMap feature is not implemented, and by default, we will need to add the shared Mailbox manually to each of the group members.
To avoid this operation, we use a little “trick”: before we assign the permission we “extract” each of the group member name (by using the command “ExpandProperty”) and assign the “Full Access” permission separately for each member. Using this option, we are able to use the AutoMap feature when assigning permission to group.
….which is the same as just adding a number of different Mailboxes with Full Access rights, so the security group -idea is futile.
How would one remove access rights in your “trick”?