#FAQFriday – How to add delegate permissions to Shared Mailboxes or Resource Mailboxes in Exchange Online with PowerShell

Shared Mailboxes and Resource Mailboxes are used frequently in every Exchange Online environment we design. Because of their prevalence, the question of “How can I add delegates with PowerShell?” comes up all the time.

This #FAQFriday blog shows how to use PowerShell to add delegates to Shared Mailboxes and Resource Mailboxes in Exchange Online

*Note: as with many Office 365 features and PowerShell commands, there are a variety of ways to achieve the same successful result. The one we are showing here is my favorite way. Also, some features change over time with Office 365, as new features and changes are rolled out daily.

Before we get started, you’ll need to log into PowerShell, connect it to your tenant – Exchange Online (steps 1-4 below). We recommend that you review the steps before you get started. They are as follows:

Summary Steps:

1. Connect-msolservice [enter admin credentials for O365]
2. $usercredential = Get-Credential [enter admin credentials for O365]
3. $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
4. Import-PSSession $Session
5. Set the permissions.
6. Check the shared mailbox or resource mailbox to confirm success.
7. Related Questions & Tips

And now, we begin...

Step 1: Log into Office 365 and Exchange Online. Connect-msolservice [enter admin credentials for O365]
Step 2: $usercredential = Get-Credential [enter admin credentials for O365]
Step 3: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Step 4: Import-PSSession $Session
Step 5: Set the permissions.

Note: With these PowerShell commands, the Shared Mailboxes and Resource Mailboxes (room or equipment mailboxes) work the same way.

Example for adding a delegate named ‘Support’ as a delegate with full mailbox permissions to a Shared Mailbox called BoringMeetings:
Cmd: Add-MailboxPermission -Identity BoringMeetings -User 'Support' -AccessRights FullAccess -InheritanceType All
Example for adding a delegate named ‘Support’ as full mailbox permissions to a Resource Mailbox called Conf example:
Add-MailboxPermission -Identity Conf -User 'Support' -AccessRights FullAccess -InheritanceType All
Example for adding the user called Support as a SendOnBehalfTo delegate to the BoringMeetings Shared Mailbox:
Cmd: Set-Mailbox “BoringMeetings” –GrantSendOnBehalfTo support@cloudadv.com
To add multiple delegates to a shared mailbox or resource mailbox, use the user account name or the user’s email address.
Example for adding multiple SendOnBehalfTo delegates to a Resource Mailbox called Conf:
Set-Mailbox "Conf" -GrantSendOnBehalfTo "user1","user2","user3",”user4@company.com”
Example for adding the user called Support as a SendAs delegate to the BoringMeetings Shared Mailbox:
CMD: Add-RecipientPermission “Boringmeetings” –AccessRights SendAs –Trustee “support”
To skip the confirmation message, add:
 -Confirm:$false
Add-RecipientPermission "Conf" -AccessRights SendAs -Trustee "Support" -Confirm:$False
Step 6: Check the shared mailbox or resource mailbox permissions to confirm success.

 * This step can also be performed either in PowerShell or in the Exchange Admin Console > Recipients > Shared or Resources > Mailbox Delegates. However, the Send On Behalf permissions are not viewable under Mailbox Delegates for Shared Mailboxes (they are only viewable under Mailbox Delegates for Resource Mailboxes).
Step 7: Related Questions & Tips

What kind of errors might be experienced with this?
Login problems? If you cannot log in, confirm you are using a recent version of Windows PowerShell, and have the Office 365 module installed and updated. Also, check that your Office 365 account has an admin role will sufficient permissions (Global Admin, Exchange Admin or User Admin will suffice) to log into the tenant with PowerShell, and make changes to the accounts. Check that the Windows service Microsoft Online Services Sign-In Assistant service is running.

Does this work with all mailbox accounts?
Unfortunately in large environments where there are mailboxes with identical properties or duplicate names, there may some related duplicate errors or the mailboxes may not get updated, you may be able to avoid the duplicates with the delegates by using email addresses instead of user account names.

How can I add user permissions to one regular user mailbox?
Use the same login sequence to log into Exchange Online (described above).
Add-MailboxPermission -Identity UserMailbox1 -User 'admin' -AccessRights FullAccess -InheritanceType All


We hope you find this helpful! Stay tuned for future editions of our #FAQFriday blog series!

Related Posts

Recent

Archive

Categories

Tags