Article Table of content | Click to Expand
PowerShell | Help & additional information
Running PowerShell commands in Office 365 based environment
To be able to run the PowerShell commands specified in the current article, you will need to create a remote PowerShell with Azure Active Directory or Exchange Online. In case that you need help with the process of creating a Remote PowerShell session, you can use the links on the bottom of the Article.
SECTION A: Create NEW Shared Mailbox
Shard mailbox is a special type of Exchange mailbox. To “inform” Exchange that we want to create a Shared mailbox type, we use the parameter “Shared.”
Create NEW Shared Mailbox
PowerShell command syntax
1 | New-Mailbox -Name <Shared Mailbox Name> -Shared |
PowerShell command Example
1 | New-Mailbox -Name “Info Box” -Shared |
Create NEW Shared Mailbox + define an Alias + Email Address
PowerShell command syntax
1 | New-Mailbox -Name <Shared Mailbox Name> -Alias <Alias> –Shared -PrimarySmtpAddress <E-mail Address> |
PowerShell command Example
1 | New-Mailbox -Name “Info Box” -Alias info –Shared -PrimarySmtpAddress info@o365info.com |
SECTION B: Manage permissions – Shared Mailbox
Assign permissions to the Shared Mailbox
Full Access permissions and AutoMap feature
When we assign to a User “Full Access” permission to another user Mailbox (Such as Shared Mailbox in our example), the Mailbox is automatically added to the user’s Outlook mail profile. This feature described as: AutoMap.
In some scenarios, we need to disable the option of AutoMap. For example, a scenario in which we want to enable specific user Full Access permission to multiple Shared mailboxes, but we don’t want that this Shared mailbox will be automatically added to the specific user Outlook profile.
In this case we can add the PowerShell parameter “-AutoMapping $False”
Additional reading
Assign FULL ACCESS permissions for Shared Mailbox + AutoMap (Default)
PowerShell command syntax
1 | Add-MailboxPermission <Shared Mailbox> -User <Mail Recipient> -AccessRights FullAccess -InheritanceType all |
PowerShell command Example
1 | Add-MailboxPermission “Info Box” -User Bob -AccessRights FullAccess -InheritanceType all |
Assign FULL ACCESS permissions for Shared Mailbox + NO AutoMap
PowerShell command syntax
1 | Add-MailboxPermission <Shared Mailbox> -User <Mail Recipient> -AccessRights FullAccess -InheritanceType all –AutoMapping $False |
PowerShell command Example
1 | Add-MailboxPermission “Info Box” -User Bob -AccessRights FullAccess -InheritanceType all –AutoMapping $False |
Assign FULL ACCESS permissions for ALL Shared Mailbox + NO AutoMap (Bulk)
PowerShell command Example
1 | Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailbox")' | Add-MailboxPermission -User Bob -AccessRights FullAccess -InheritanceType all -AutoMapping $False |
Full Access permissions to a group and the AutoMap feature
When we assign “Full Access” permission to a Group, the AutoMap feature is not “activated” because, the Full Access permission granted to “Group Object,” and not for the “User object” (the group members).
In this case, we will need to instruct each of the group members how to add the “additional Mailbox” manually for the Exchange mailbox which they have “Full access” permission.
To avoid this default behavior, we can use a “little trick,” by using a PowerShell command.
The PowerShell command will “extract” group members to a “user list” and in the next step assigns the Full Access permission separately, for each user (each of the Group members).
Assign Full Access permissions for each group member
PowerShell command syntax
1 | $DL = Get-DistributionGroupMember <Group Name> | Select-Object -ExpandProperty Name ForEach ($Member in $DL) {Add-MailboxPermission -Identity <Shared Mailbox> -User $Member -AccessRights ‘FullAccess’ -InheritanceType All} |
PowerShell command Example
1 | $DL = Get-DistributionGroupMember “Help Desk” | Select-Object -ExpandProperty Name ForEach ($Member in $DL) {Add-MailboxPermission -Identity “Info Box” -User $Member -AccessRights ‘FullAccess’ -InheritanceType All} |
Assign SEND AS permissions to the Shared Mailbox
Assign SEND AS permissions for Shared Mailbox
PowerShell command syntax
1 | Add-RecipientPermission <Shared Mailbox> -Trustee <Mail Recipient> -AccessRights SendAs -confirm:$False |
PowerShell command Example
1 | Add-RecipientPermission “Info Box” -Trustee Bob -AccessRights SendAs -confirm:$False |
Assign SEND AS permissions for ALL Shared Mailbox (Bulk)
PowerShell command Example
1 | Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailbox")' | Add-RecipientPermission -Trustee Bob -AccessRights SendAs -confirm:$False |
Assign permissions to the Shared Mailbox Calendar
To view the permissions of a specific mailbox folder such as Calendar folder, we need to use a syntax in which we define the mailbox name + the specific Folder name.
Given that the Exchange mailbox is the English language (defined as MailboxRegionalConfiguration), the calendar folder name whom we use is -“calendar.” In case that the Exchange mailbox uses a different Mailbox Regional Configuration, we will need to write the calendar folder name respectively.
Assign Publishing Editor permissions to the Shared Mailbox Calendar
PowerShell command Example
1 2 | $MailBoxCalendar = “Info Box”:\calendar Add-MailboxFolderPermission –Identity $MailBoxCalendar -AccessRight PublishingEditor -User Bob |
View (displays) various types of Mailbox permissions
View (displays) information about FULL ACCESS and SEND AS permissions
The default output of the PowerShell cmdlet Get-MailboxPermission that we use for view Mailbox permissions and the PowerShell cmdlet Get-RecipientPermission that we use for view SEND AS permissions, displays redundant information, that makes it difficult to understand the information about the Exchange mailbox permissions clearly.
For this reason, we add “filter” that removes that redundant information.
View (displays) FULL ACCESS permissions for Shared Mailbox
PowerShell command Example
1 | Get-MailboxPermission “Info Box” | Where-Object { ($_.IsInherited -eq $False) -and -not ($_.User -like “NT AUTHORITY\SELF”) } | Select-Object Identity, user, AccessRights |
View (displays) SEND AS permissions for Shared Mailbox
PowerShell command Example
1 | Get-RecipientPermission “Info Box” | Where-Object {($_.IsInherited -eq $False) -and -not ($_.Trustee -like “NT AUTHORITY\SELF”) } | Select-Object Trustee, AccessRights |
View (displays) Calendar permissions for Shared Mailbox
PowerShell command Example
1 2 | $MailBoxCalendar = “Info Box”:\calendar Get-MailboxFolderPermission $MailBoxCalendar | Select-Object FolderName, user, AccessRights |
Remove permissions – Shared Mailbox
Remove FULL ACCESS permissions for Shared Mailbox
PowerShell command syntax
1 | Remove-MailboxPermission <Shared Mailbox> -AccessRights <The type of permissions> -User <Recipient> |
PowerShell command Example
1 | Remove-MailboxPermission “Info Box” -AccessRights FullAccess -User Bob |
Remove SEND AS permissions for Shared Mailbox
PowerShell command syntax
1 | Remove-RecipientPermission <Shared Mailbox> -AccessRights <The type of permissions> -Trustee <Recipient> |
PowerShell command Example
1 | Remove-RecipientPermission “Info Box” -AccessRights SendAs -Trustee Bob |
Remove Publishing Editor permissions to the Shared Mailbox Calendar
PowerShell command syntax
1 | Remove-MailboxFolderPermission <Shared Mailbox>:\calendar -User <Identity> |
PowerShell command Example
1 2 | $MailBoxCalendar = “Info Box”:\calendar Remove-MailboxFolderPermission $MailBoxCalendar -User Bob |
SECTION C: Convert Mailbox
A Shared mailbox can be converted to a “regular Exchange mailbox” and vice versa.
In a scenario in which we convert Shared mailbox to User mailbox (regular Exchange mailbox), we will need to assign an Office 365 license to the converted mailbox.
Convert Regular mailbox to Shared Mailbox
PowerShell command syntax
1 | Set-Mailbox <User Mailbox> -Type shared |
PowerShell command Example
1 | Set-Mailbox Bob -Type shared |
Convert Shared Mailbox to Regular Mailbox
PowerShell command syntax
1 | Set-Mailbox <Shared Mailbox> -Type Regular |
PowerShell command Example
1 | Set-Mailbox “Info Box” -Type Regular |
SECTION D: Shared Mailbox specific settings
Set Shared mailbox size
Set Shared mailbox size to 10 GB
PowerShell command syntax
1 | Set-Mailbox <Shared Mailbox> -ProhibitSendReceiveQuota <Size> -ProhibitSendQuota <Size> -IssueWarningQuota <Size> |
PowerShell command Example
1 | Set-Mailbox “Info Box” -ProhibitSendReceiveQuota 10GB -ProhibitSendQuota 9.75GB -IssueWarningQuota 9.5GB |
Define the behavior of Shared mailbox and Sent items folder
In a scenario in which we assign the SEND AS permissions to a recipient on a Shared mailbox, when the recipient sent an email on behalf of the Shared mailbox (using his SEND AS permissions) the mail that was sent, will be saved by default, in the Shared mailbox “Sent Items” but a copy of the sent mail, will not save in the mailbox of recipient.
To be able to change this default behavior, we can use the PowerShell parameter – MessageCopyForSentAsEnabled.
Set Shared Mailbox to Save a copy of sent mail items when using Send As permissions
PowerShell command Example
1 | Set-Mailbox “Info Box” -MessageCopyForSentAsEnabled $True |
View Shared Mailbox “Save a copy of sent mail items” settings
PowerShell command Example
1 | Get-Mailbox “Info Box” | Format-List Alias, MessageCopy* |
SECTION E: Display + Export information on Shared Mailbox
Display a list of existing Shared mailboxes
PowerShell command Example
1 | Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailbox")'| Select-Object DisplayName,Alias,RecipientTypeDetails,PrimarySmtpAddress |
Export a list of existing Shared mailboxes
PowerShell command Example
1 | Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailbox")'| Select-Object DisplayName,Alias,RecipientTypeDetails,PrimarySmtpAddress | Export-CSV C:\TEMP\"Shared mailboxes - INFO.CSV" –NoTypeInformation -Encoding utf8 |
Additional reading
- Save a copy of sent mail items when using Send As permissions | Shared mailbox | Office 365
- Restore Exchange Online Shared mailbox | Cloud only (Fully Hosted) environment | Part 7#23
- Create a shared mailbox
- Using Shared Mailboxes with Office 365
- Shared mailboxes in Exchange Online
- Using Shared Mailboxes in Office 365
Getting started with Office 365 PowerShell
Get more information about the Naming Conventions that are used in the PowerShell articles – Help and additional information – o365info.com PowerShell articles
To get more information about the required remote PowerShell commands that you need to use for connecting to Exchange Online, read the following article:
Connect to Exchange Online by using Remote PowerShell
To get more information about the required software component + the remote PowerShell commands that you need to use for connecting Azure Active Directory, read the following article: Part 2: Connect to Office 365 by using Remote PowerShell
If you are new in the PowerShell world, you can read more information about how to start working with PowerShell in Office 365 based environment in the following article series: Getting started with Office 365 PowerShell – Part 1, Part 2, Part 3.
In case that you need more information about how to use the o365info PowerShell scripts that I add to the PowerShell articles, you can read the article – How to run and use o365info PowerShell menu script
PowerShell command syntax – Office 365 | Article series index
It is important for us to know your opinion on this article
Hi.
Thank you for a great article. I’ve been struggling with Shared mailboxes, and this article has everything I need.
Could you explain what the AutoMAP function is?
Thank you.
Martin Robson.
Hello Martin
Regarding your question about the “AutoMap”:
The AutoMap feature is implemented in the following way: when you assign a “Full Access” permission to user object (for other user Mailbox), the user Mailbox is automatically appear in the user outlook mail profile.
When we assign a “Full Access” permission to group (instead of specific user), the AutoMap feature is not implemented, and by default, we will need to add the shared Mailbox manually to each of the group members. To avoid this operation, we use a little “trick”: before we assign the permission we “extract” each of the group member name (by using the command “ExpandProperty”) and assign the “Full Access” permission separately for each member. Using this option, we are able to use the AutoMap feature when assigning permission to group.
….which is the same as just adding a number of different Mailboxes with Full Access rights, so the security group -idea is futile.
How would one remove access rights in your “trick”?
I keep getting the same error. Did anyone figure this out?
awsome article beats help.outlook.com thanks a lot 🙂
I keep getting an error when trying to apply the trick to apply the rights to the distribution group. I keep getting an error stating that “Unexpected token ‘in’ in expression or statement.
great instructions thanks. compared to technet this is a breeze! thank god there’s sites like this to show us how to use microsoft systems… microsoft cant!
http://www.ironline.com.au/it-support-helpdesk/
great site and blog thanks. we use it heavily to help us implement Office 365 for our clients. even with Micrsoft Partner support this is more helpful… (they are terrible!)
http://www.ironline.com.au/it-support-helpdesk/
Thanks for this info. 🙂
Can you give a user read-only access to a Shared Mailbox?
Hi,
i want to use the “Assign Full Access permissions for each group member” function. Is there a function to delete the full permissions from the mailbox when the user not in the security group anymore?