Skip to content

Manage user mailbox with PowerShell

In this article, we will show you how to manage a Microsoft 365 user mailbox with PowerShell. Learn how to create a new user mailbox, manage different mailbox permissions, export mailbox information, convert user mailbox to another type and delete the mailbox.

Microsoft 365 mailbox types

There are four different mailbox types in Microsoft 365:

  1. User mailbox
  2. Shared mailbox
  3. Room mailbox
  4. Equipment mailbox

In this article, we will cover how to manage the regular user mailbox with PowerShell.

Connect to Exchange Online PowerShell

To be able to run PowerShell commands, you must Connect to Exchange Online PowerShell.

Open Windows PowerShell as administrator and run the below cmdlet.

Connect-ExchangeOnline

Sign in to your account and enter the password.

Connect to Exchange Online PowerShell sign in

1. Create new user mailbox

A regular user mailbox is a special type of Exchange mailbox. You must use the Microsoft 365 admin center or Exchange Online PowerShell to create a user mailbox. We will only show the PowerShell commands.

Run the New-Mailbox cmdlet and fill in the information for the following parameters:

  • Alias
  • Name
  • FirstName
  • LastName
  • DisplayName
  • MicrosoftOnlineServicesID (User email address)

The below PowerShell command will create a new user mailbox named Kelly Test. We added the parameter -RestetPasswordOnNextLogon, so the user needs to reset the password the first time they sign in to Microsoft 365.

New-Mailbox -Alias "Kelly1" -Name "KellyTest" -FirstName "Kelly" -LastName "Test" -DisplayName "Kelly Test" -MicrosoftOnlineServicesID "KellyTest@m365info.com" -Password (ConvertTo-SecureString -String 'P@s$w0rd' -AsPlainText -Force) -ResetPasswordOnNextLogon $true

The PowerShell output shows the new user mailbox you created and a warning to notify you that a license is needed.

PS C:\> New-Mailbox -Alias "Kelly1" -Name "KellyTest" -FirstName "Kelly" -LastName "Test" -DisplayName "Kelly Test" -MicrosoftOnlineServicesID "KellyTest@m365info.com" -Password (ConvertTo-SecureString -String 'P@s$w0rd' -AsPlainText -Force) -ResetPasswordOnNextLogon $true

Name                      Alias           Database                       ProhibitSendQuota   
----                      -----           --------                       -----------------   
KellyTest                 Kelly1          EURPR02DG514-db460             99 GB (106,300,44...
WARNING: After you create a new mailbox, you must go to the Office 365 Admin Center and assign 
the mailbox a license, or it will be disabled after the grace period.

Note: Remember to assign a license within 30 days to this new user to activate this mailbox.

2. Manage user mailbox permissions

You can give other licensed users different permissions to another Microsoft 365 user mailbox:

  • Read and manage permissions (Full Access)
  • Send As permissions
  • Send on behalf of permissions

It means you can add other licensed users and give them permission to the new user mailbox.

When we assign a user Full Access permission to another user’s mailbox, the mailbox is automatically added to the user’s Outlook mail profile. This feature is described as AutoMap and is enabled by default.

Assign Full Access permission user mailbox

We will run the Add-MailboxPermission cmdlet to manage the Full Access permission for mailboxes.

Note: You must have a licensed user mailbox to manage permissions.

PowerShell command syntax.

Add-MailboxPermissions "User Mailbox" -User "Mail Recipient" -AccessRights FullAccess -InheritanceType All

Run the below PowerShell command to assign a mailbox to a user mailbox.

Add-MailboxPermission "User Test" -User "David Kent" -AccessRights FullAccess -InheritanceType all

The PowerShell output shows that you successfully assigned Full Access rights to the specific user.

PS C:\> Add-MailboxPermission "User Test" -User "David Kent" -AccessRights FullAccess -InheritanceType all

Identity User                 AccessRights IsInherited Deny 
-------- ----                 ------------ ----------- ---- 
UserTest S-1-5-21-70143928... {FullAccess} False    False

Assign Full Access permission user mailbox without Automapping

We want to assign a specific user Full Access permission to another user mailbox. You can disable the AutoMap option when you assign permissions. In this case, we don’t want the user mailbox to automatically add to the specific user’s Outlook profile.

So you must add the PowerShell parameter -AutoMapping with the value $False.

Run the below PowerShell command to give the user “David Kent” Full Access permissions to another user’s mailbox without automapping

Add-MailboxPermission "User Test" -User "David Kent" -AccessRights FullAccess -InheritanceType All –AutoMapping $False

The PowerShell output shows that you have successfully assigned Full Access rights to the user mailbox.

PS C:\> Add-MailboxPermission "User Test" -User "David Kent" -AccessRights FullAccess -InheritanceType All –AutoMapping $False

Identity             User                 AccessRights                       IsInherited Deny 
--------             ----                 ------------                       ----------- ---- 
UserTest             S-1-5-21-70143928... {FullAccess}                       False       False

Bulk assign Full Access permission user mailbox without Automapping

You can also bulk assign a single user mailbox (David Kent) Full Access permissions to all user mailboxes. We will also add the parameter -Automapping to disable automatic automapping in Outlook.

Use the below PowerShell command to assign Full Access permission for a specific user for all Office 365 user mailboxes.

Get-Mailbox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Add-MailboxPermission -User "David Kent" -AccessRights FullAccess -InheritanceType All -AutoMapping $False

The PowerShell output will look like the example below.

PS C:\> Get-Mailbox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Add-MailboxPermission -User "David Kent" -AccessRights FullAccess -InheritanceType All -AutoMapping $False

Identity             User                 AccessRights IsInherited Deny 
--------             ----                 ------------ ----------- ---- 
ea2b7e6a-fb01-42e... S-1-5-21-70143928... {FullAccess} False       False
d912b0fc-6f7e-4ec... S-1-5-21-70143928... {FullAccess} False       False
eec2668a-0773-494... S-1-5-21-70143928... {FullAccess} False       False
fd199cb4-2ebf-417... S-1-5-21-70143928... {FullAccess} False       False
fa956d8c-87df-4cd... S-1-5-21-70143928... {FullAccess} False       False
d89be5ce-6495-400... S-1-5-21-70143928... {FullAccess} False       False
a9532b30-4edb-4b6... S-1-5-21-70143928... {FullAccess} False       False
b602b148-2fcf-435... S-1-5-21-70143928... {FullAccess} False       False
3bb176aa-d0ba-47f... S-1-5-21-70143928... {FullAccess} False       False
41377e9c-dc47-46c... S-1-5-21-70143928... {FullAccess} False       False
KellyTest            S-1-5-21-70143928... {FullAccess} False       False

Remove Full Access permissions user mailbox

Let’s say that you made a mistake and want to remove the Full Access permissions of a user mailbox. We will run the Remove-MailboxPermission cmdlet to remove permission from a user mailbox.

PowerShell command syntax.

Remove-MailboxPermission "User Mailbox" -AccessRights "The type of permissions" -User "Recipient"

Use the below PowerShell command to remove Full Access permissions of a user mailbox.

Remove-MailboxPermission "Brenda Smith" -AccessRights FullAccess -User "David Kent"

To verify you removed the user’s Full Access permissions from this specific user mailbox, run the Get-MailboxPermission.

Run the below PowerShell command to see all Full Access permissions of a single user mailbox.

Get-MailboxPermission "Brenda Smith" | Where-Object { ($_.IsInherited -eq $False) -and -not ($_.User -like "NT AUTHORITY\SELF") } | Select-Object Identity, User, AccessRights

If the PowerShell output is empty, you haven’t assigned any mailbox with Full Access permissions.

Assign Send As permissions user mailbox

You can assign Send As permissions to a regular user mailbox. In our example, we want to give the user mailbox (KellyTest) the Send As permissions to another user mailbox (Brenda Smith).

PowerShell command syntax.

Add-RecipientPermission "User Mailbox" -Trustee "Mail Recipient" -AccessRights SendAs -Confirm:$False

Use the below PowerShell example to assign Send As permissions for a user mailbox.

Add-RecipientPermission "Brenda Smith" -Trustee "KellyTest" -AccessRights SendAs -Confirm:$False

The PowerShell output shows.

PS C:\> Add-RecipientPermission "Brenda Smith" -Trustee "KellyTest" -AccessRights SendAs -Confirm:$False

Identity                             Trustee   AccessControlType AccessRights Inherited
--------                             -------   ----------------- ------------ ---------
d912b0fc-6f7e-4ec2-a9e4-854ed27a511a KellyTest Allow             {SendAs}     False    

Bulk assign Send As permission user mailbox

You can also assign Send As permission of a specific user to all user mailboxes in one PowerShell command. In our example, we want to assign the user mailbox (Brenda Smith) to all Office 365 user mailboxes.

Run the below PowerShell command example.

Get-Mailbox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Add-RecipientPermission -Trustee "Brenda Smith" -AccessRights SendAs -Confirm:$False

The PowerShell output shows all the user mailboxes where it assigned Send As permissions.

PS C:\> Get-Mailbox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Add-RecipientPermission -Trustee "Brenda Smith" -AccessRights SendAs -Confirm:$False

Identity                             Trustee                              AccessControlType
--------                             -------                              -----------------
ea2b7e6a-fb01-42e3-9fb8-ccf13a5f2e67 d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Allow            
d912b0fc-6f7e-4ec2-a9e4-854ed27a511a d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Allow            
eec2668a-0773-4947-93ba-2223f6acfe55 d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Allow            
fd199cb4-2ebf-4171-96e2-12fd75453e39 d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Allow            
fa956d8c-87df-4cd4-ac2a-ac1f3d7cac8b d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Allow            
d89be5ce-6495-4009-b61b-81126c239c34 d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Allow            
a9532b30-4edb-4b66-a3b0-6ac972a6065b d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Allow            
b602b148-2fcf-435a-9d34-ce72c3a8c748 d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Allow            
3bb176aa-d0ba-47f7-aecc-f4837593006e d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Allow            
41377e9c-dc47-46c0-b4a5-1d5bbdcb5cc5 d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Allow            
KellyTest                            d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Allow         

Remove Send As permissions user mailbox

If you made a mistake and didn’t want to give Send As permissions of a user mailbox (Brenda Smith) to another user mailbox (David Kent), you can remove it.

Let’s show how you can remove the Send As permission of the single user mailbox.

PowerShell command syntax.

Remove-RecipientPermission "User Mailbox" -AccessRights "The type of permissions" -Trustee "Recipient" -Confirm:$False

Run the PowerShell command example to remove Send As permissions from Brenda Smith’s user mailbox.

Remove-RecipientPermission "Brenda Smith" -AccessRights SendAs -Trustee "David Kent" -Confirm:$False

To verify you removed the Send As permission from Brenda Smith’s user mailbox, run the Get-RecipientPermission.

Run the below PowerShell command to see all Send As permission for a single user mailbox (Brenda Smith).

Get-RecipientPermission "Brenda Smith" | Where-Object {($_.IsInherited -eq $False) -and -not ($_.Trustee -like "NT AUTHORITY\SELF") } | Select-Object Trustee, AccessRights

If the PowerShell output is empty, you haven’t assigned any mailbox with Send As permissions.

3. Display information user mailbox

Run the below PowerShell command to get a list of all licensed user mailboxes.

Get-Mailbox -Filter '(RecipientTypeDetails -eq "UserMailBox")' | Select Name,Alias

The PowerShell output looks like the below example.

PS C:\> Get-Mailbox -Filter '(RecipientTypeDetails -eq "UserMailBox")' | Select Name,Alias

Name                                 Alias         
----                                 -----         
ea2b7e6a-fb01-42e3-9fb8-ccf13a5f2e67 Stephen.Hunter
d912b0fc-6f7e-4ec2-a9e4-854ed27a511a Brenda.Smith  
eec2668a-0773-4947-93ba-2223f6acfe55 David.Kent    
fd199cb4-2ebf-4171-96e2-12fd75453e39 Susan.Brown   
fa956d8c-87df-4cd4-ac2a-ac1f3d7cac8b Chris.Lucas   
d89be5ce-6495-4009-b61b-81126c239c34 George.Wilson 
a9532b30-4edb-4b66-a3b0-6ac972a6065b Jill.Bates    
b602b148-2fcf-435a-9d34-ce72c3a8c748 Diana.Baker   
3bb176aa-d0ba-47f7-aecc-f4837593006e Mary.James    
41377e9c-dc47-46c0-b4a5-1d5bbdcb5cc5 Amanda.Hansen 
KellyTest                            Kelly1  

Export list of licensed user mailboxes to CSV file

You can export information about all the existing user mailboxes to a single CSV file. This way, you can easily search for the different user mailboxes.

Run the below PowerShell command to export a list of all user mailboxes to a CSV file.

Get-Mailbox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Select-Object DisplayName,Alias,RecipientTypeDetails,PrimarySmtpAddress | Export-CSV "C:\temp\User Mailboxes Info.CSV" –NoTypeInformation -Encoding UTF8

Once you export the information, you can find the CSV file in the C:\temp folder.

Open the CSV file with an application like Microsoft Excel to see the results.

Manage user mailbox with PowerShell export information CSV file

Display user mailbox information permissions

Display information about Full Access and Send As permission:

  1. The PowerShell cmdlet Get-MailboxPermission shows Full Access permission
  2. The PowerShell cmdlet Get-RecipientPermission shows Send As permission

The default output of both these PowerShell commands shows redundant information, making it difficult to understand the Exchange mailbox permissions clearly. For this reason, we will filter and remove redundant information.

In our example, we want to see the information on Brenda Smith’s user mailbox.

1. Display Full Access permission of a user mailbox

Run the below PowerShell command to show all Full Access permissions of a user mailbox.

Get-MailboxPermission "Brenda Smith" | Where-Object { ($_.IsInherited -eq $False) -and -not ($_.User -like "NT AUTHORITY\SELF") } | Select-Object Identity, User, AccessRights

The PowerShell output shows all the Full Access permission of a user mailbox (Brenda Smith).

PS C:\> Get-MailboxPermission "Brenda Smith" | Where-Object { ($_.IsInherited -eq $False) -and -not ($_.User -like "NT AUTHORITY\SELF") } | Select-Object Identity, User, AccessRights

Identity                             User                    AccessRights
--------                             ----                    ------------
d912b0fc-6f7e-4ec2-a9e4-854ed27a511a David.Kent@m365info.com {FullAccess}

2. Display Send As permission of a user mailbox

Run the below PowerShell command to show all Send As permissions of a user mailbox.

Get-RecipientPermission "Brenda Smith" | Where-Object {($_.IsInherited -eq $False) -and -not ($_.Trustee -like "NT AUTHORITY\SELF") } | Select-Object Trustee, AccessRights

The PowerShell output shows all the Send As permissions of a user mailbox (Brenda Smith).

PS C:\> Get-RecipientPermission "Brenda Smith" | Where-Object {($_.IsInherited -eq $False) -and -not ($_.Trustee -like "NT AUTHORITY\SELF") } | Select-Object Trustee, AccessRights

Trustee                    AccessRights
-------                    ------------
Brenda.Smith@m365info.com  {SendAs}    
Amanda.Hansen@m365info.com {SendAs}    
KellyTest@m365info.com     {SendAs}  

4. Convert user mailbox

You can easily convert a licensed user mailbox to a shared, room or equipment mailbox.

Note: You can’t convert a user mailbox without an Exchange Online license assigned.

Convert user mailbox to shared mailbox

Run the PowerShell command to Convert the user mailbox to shared mailbox.

Get-Mailbox "KellyTest" | Set-Mailbox -Type Shared

Convert user mailbox to room mailbox

Use the PowerShell command to convert the user mailbox to room mailbox.

Get-Mailbox "KellyTest" | Set-Mailbox -Type Room

Convert user mailbox to equipment mailbox

Run the PowerShell command to convert user mailbox to equipment mailbox.

Get-Mailbox "KellyTest" | Set-Mailbox -Type Equipment

5. Delete user mailbox

You can easily soft delete a specific user mailbox with PowerShell. It means the deleted user will stay in the Azure AD recycle bin for 30 days before it is permanently deleted. You can restore deleted users in Manage Microsoft 365 users recycle bin.

Soft delete user mailbox

You can soft delete a single user mailbox.

PowerShell command syntax:

Remove-Mailbox -Identity "<User Identity>" -Confirm:$False

PowerShell command example:

Remove-Mailbox -Identity "KellyTest" -Confirm:$False

Bulk soft delete user mailbox

Run the below PowerShell command to bulk soft delete user mailboxes.

Get-Mailbox -Filter '(RecipientTypeDetails -eq "UserMailBox")' -ResultSize Unlimited | Remove-Mailbox -Confirm:$False

Hard delete user mailbox

If you want to hard delete a mailbox permanently, you need to go through a couple of steps. Read more about it in the article Force delete Microsoft 365 mailbox with PowerShell.

Did this help you to manage Office 365 user mailboxes with PowerShell?

Read more: Export Microsoft 365 user licenses »

Conclusion

You learned how to create a new regular user mailbox and manage permissions with PowerShell. Once you export information about all user mailboxes, you can easily convert the regular mailbox to another type. With PowerShell, you can bulk soft delete user mailbox.

Did you enjoy this article? You may also like Reset MFA for Microsoft 365 user. Don’t forget to follow us and share this article.

o365info Team

o365info Team

This article was written by our team of experienced IT architects, consultants, and engineers.

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *