I just had to do some additional work in a project we have just finished. One of the main tasks has been adjusting some permissions for shared mailboxes.<\/p>\n
In this article, I wrote down some usefull PowerShell commands for managing shared mailboxes.<\/p>\n
<\/p>\n
A shared mailbox is a type of user mailbox that doesn’t have its own user name and password. As a result, users can’t log into them directly. To access a shared mailbox, users must first be granted Send As or Full Access permissions to the mailbox. Once that’s done, users sign into their own mailboxes and then access the shared mailbox by adding it to their Outlook profile. In Exchange 2003 and earlier, shared mailboxes were just a regular mailbox to which an administrator could grant delegate access.<\/p>\n
<\/p>\n
To a shared mailbox we can assign the following permissions:<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
Creating a shared mailbox is similar as creating any other type of mailbox in the Exchange management shell. The point we need to think about is to specify the type of the Mailbox. That means that the command could look like this:<\/p>\n
New-Mailbox \u2013Name \u2018Software development\u2019 \u2013Shared<\/pre>\n<\/p>\n
The first example showed us, how to create a simple shared Mailbox. However, normally this is not enough and we need to provide more information. One thing is to define an Alias and an smtp address. This we can do with the following command:<\/p>\n
New-Mailbox \u2013Name \u2018Software development\u2019 \u2013alias development \u2013Shared \u2013PrimarySmtpAddress dev@contoso.com<\/a><\/pre>\n<\/p>\n
Managing permissions<\/strong><\/h2>\n
As I have written in the beginning of this article, a shared mailbox is a mailbox without its own user and password. To be able to use a shared mailbox, we need to assign permissions to users. In this chapter we will learn, how to do that using PowerShell.<\/p>\n
If we continue with the shared mailbox we have created in the previous chapter, Software development, we want to assign full access to the user Desmond. This can be done by using the following command:<\/p>\n
Add-MailboxPermission \u2018Software development\u2019 \u2013User Desmond \u2013AccessRights FullAccess \u2013InheritanceType all<\/pre>\n<\/p>\n
If our Exchange has still the default configuration, the Mailbox \u201cSoftware development\u201d will be auto mapped to the User Desmond.<\/p>\n
However, sometimes we want to prevent that a shared mailbox will be auto mapped to a user with full access permissions. In this case, we need to add the following parameter to our command: -AutoMapping $False<\/em>. In this case, the command will look like this:<\/p>\n
Add-MailboxPermission \u2018Software development\u2019 \u2013User Desmond \u2013AccessRights FullAccess \u2013InheritanceType all \u2013AutoMapping $False<\/pre>\n<\/p>\n
Note<\/strong>: When we assign \u201cFull Access\u201d permission to a Group, the AutoMap feature is not \u201cactivated\u201d because, the Full Access permission granted to \u201cGroup Object,\u201d and not for the \u201cUser object\u201d (the group members).<\/p>\n
In this case, we will need to instruct each of the group members how to add the \u201cadditional Mailbox\u201d manually for the Exchange mailbox, which they have \u201cFull access\u201d permission.<\/p>\n
To avoid this default behaviour, we can use a \u201clittle trick,\u201d by using a PowerShell command.<\/p>\n
The PowerShell command will \u201cextract\u201d group members to a \u201cuser list\u201d and in the next step assigns the Full Access permission separately, for each user (each of the Group members).<\/p>\n
The command for that will look like this:<\/p>\n
$DL = Get-DistributionGroupMember \u201cdevelopment Department\u201d | Select-Object \u2013ExpandProperty Name ForEach ($Member in $DL) {Add-MailboxPermission \u2013Identity \u2018Software development\u2019 \u2013User $Member \u2013AccessRights \u2018FullAccess\u2019 \u2013InheritanceType All}<\/pre>\n<\/p>\n
We also can add SendAs or Send on Behalf permissions using Powershell. If we want to do that for a single mailbox, we can do it with the following example:<\/p>\n
Add-RecipientPermission \u2018development Department\u2019 \u2013Trustee Desmond \u2013AccessRights SendAs \u2013confirm:$false<\/pre>\n<\/p>\n
Of course, we also can set the SendAs permission for Desmond to all of our shared mailboxes. To do that, we need the following command:<\/p>\n
Get-Mailbox \u2013Filter \u2018(RecipientTypeDetails \u2013eq \u201cSharedMailbox\u201d)\u2019 | Add-RecipientPermission \u2013Trustee Desmond \u2013AccessRights SendAs \u2013confirm:$False<\/pre>\n<\/p>\n
Shared Mailbox Calendar permission<\/strong><\/h3>\n
We also can assign dedicated permission to a calendar of a shared mailbox. To be able to do that, we need the specific syntax of the calendar folder.<\/p>\n
Note<\/strong>: by working with this syntax, we need to know about the shared mailbox language. If the shared mailbox is set-up in English the syntax will be \u2018calendar\u2019, if it is configured in German as example, the syntax will be calendar. To add dedicated permissions to a calendar of a shared mailbox to Desmond, we need to use the following command:<\/p>\n
$MailboxCalendar = \u201cdevelopment\u201d:\\calendar\r\nAdd-MailboxFolderPermission \u2013Identity $MailboxCalendar \u2013AccessRight PublishingEditor \u2013User Desmond<\/pre>\n<\/p>\n
As we can see in the last command, we need now to define different permissions called AccessRights. If you need to know, which AccessRights can be set for configuring the FolderPermissions, you can follow the Microsoft Link HERE <\/strong><\/a><\/p>\n
<\/p>\n
Display various types of Mailbox permissions<\/strong><\/h2>\n
The default output of the PowerShell cmdlet Get-MailboxPermission that we use for view Mailbox permissions and the PowerShell cmdlet Get-RecipientPermission that we use for view SEND AS permissions, displays redundant information, that makes it difficult to understand the information about the Exchange mailbox permissions clearly.<\/p>\n
For this reason, we add \u201cfilter\u201d that removes that redundant information.<\/p>\n
<\/p>\n
Displaying FullAccess permissions for shared mailboxes:<\/p>\n
Get-MailboxPermission \u201cdevelopment Department\u201d | Where-Object { ($_.IsInherited -eq $False) -and -not ($_.User -like \u201cNT AUTHORITY\\SELF\u201d) } | Select-Object Identity, user, AccessRights<\/pre>\n<\/p>\n
Displaying SendAs permissions for shared mailboxes:<\/p>\n
Get-RecipientPermission \u201cdevelopment Department\u201d | Where-Object {($_.IsInherited -eq $False) -and -not ($_.Trustee -like \u201cNT AUTHORITY\\SELF\u201d) } | Select-Object Trustee, AccessRights<\/pre>\n<\/p>\n
Displaying Calendar permissions for shared mailboxes:<\/p>\n
$MailBoxCalendar = \u201cdevelopment Department\u201d:\\calendar\r\nGet-MailboxFolderPermission $MailBoxCalendar | Select-Object FolderName, user, AccessRights<\/pre>\n<\/p>\n
<\/p>\n
<\/p>\n
Converting Mailboxes<\/strong><\/h2>\n
Microsoft Exchange allows us to convert our mailboxes into different types between shared mailboxes, resource mailboxes and regular user mailboxes. However, if we have a look on Exchange online at this moment, we need for each user mailbox an Exchange online license. However, by using shared mailboxes an Exchange online license is not needed. If we want to convert a regular user Mailbox to a shared mailbox, we can run the following command:<\/p>\n
Set-Mailbox Desmond \u2013Type shared<\/pre>\n<\/p>\n
And if we want to go the opposed way, we just need to change the \u2013Type<\/em> parameter:<\/p>\n
Set-Mailbox Desmond \u2013Type Regular<\/pre>\n<\/p>\n
Configuring Mailbox size<\/strong><\/h2>\n
By default every mailbox uses the parameter of the Mailbox Database where the Mailbox was created. However, by using PowerShell we are able to overrule this setting:<\/p>\n
Set-Mailbox \u201cdevelopment Department\u201d -ProhibitSendReceiveQuota 50GB -ProhibitSendQuota 49.7GB -IssueWarningQuota 49.5GB<\/pre>\n<\/p>\n
<\/p>\n
Photo by Kasya Shahovskaya<\/a> on Unsplash<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
I just had to do some additional work in a project we have just finished. One of the main tasks has been adjusting some permissions for shared mailboxes. In this article, I wrote down some usefull PowerShell commands for managing shared mailboxes. What is a shared mailbox? A shared mailbox is a type of […]<\/p>\n","protected":false},"author":1,"featured_media":2942,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[2,3],"tags":[],"class_list":["post-2940","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-exchange","category-powershell"],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/posts\/2940","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2940"}],"version-history":[{"count":5,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/posts\/2940\/revisions"}],"predecessor-version":[{"id":3084,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/posts\/2940\/revisions\/3084"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/media\/2942"}],"wp:attachment":[{"href":"https:\/\/www.msb365.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2940"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2940"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2940"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}