Grant online user delegation to on-premises account

Aside


Grant online user delegation to on-premises
account

Summary: Learn how to assign permissions for mailboxes and groups in Exchange 2016 so other users can open the mailbox, send mail from the mailbox, or send mail from the group.

https://docs.microsoft.com/en-us/exchange/recipients/mailbox-permissions

The scenario that online exchange users in the hybrid environment were unable to have permission on the on-premises mailboxes such as (shared mailboxes, public folders, and users mailboxes).Therefore, there was a workaround

Now this is solved it can do not using the following

We will use two different commands

Full Access and Send As

Full Access: Allows the delegate to open the mailbox, and view, add and remove the contents of the mailbox. Does not allow the delegate to send messages from the mailbox.

as you can see below Full access only can be done using the ECP

press the + and the delegation for a user on the cloud

fullaccess

Automapping is by default

Also, allow the automapping

Use the Add-MailboxPermission cmdlet in the Exchange Management Shell to assign the Full Access permission with the -AutoMapping $false

PowerShell used

Send As

Allows the delegate to send messages as if they came directly from the mailbox or group. There is no indication that the message was sent by the delegate.
Does not allow the delegate to read the contents of the mailbox. However, this is done by full access

Add-MailboxPermission

Note: this cmdlet is available only in on-premises Exchange.

Let’s start

PowerShell for full access if you wan

First, give the full access this is very easy and so straightforward

Add-MailboxPermission -Identity CIC@Domain.com -User ADMIN -AccessRights FullAccess -AutoMapping $true

This gives the user ADMIN full permission on the CIC user also it auto maps the mailbox to his outlook

Second, we will give the send as

First, we need to get the identity using the following command

The Identity parameter requires you to use the Name or DistinguishedName (DN) value of the mailbox or group.

From <https://docs.microsoft.com/en-us/exchange/recipients/mailbox-permissions>

First

Get-Recipient -Identity CIC | Format-List Name,DistinguishedName

Now use the output of the name

Add-ADPermission -Identity “Internal Communication” -User admin -ExtendedRights “send As”

This gives the ADMIN send as permission on the CIC

Now he can read and send from this mailbox

You can run the following command to make sure

Get-MailboxPermission CIC| select identity, user, accessrights | FT

Advertisements

Windows Server 2016 Update settings

Aside


Windows Server 2016 Update settings

 

Hi, guys, I noticed that server 2016 doesn’t have options to schedule updates and restart but I found that it can be done by 3 scenarios I will share it with you all 

First, I found the following useful policy and website 


Configure Group Policy Settings for Automatic Updates
this link is very useful in describing every policy what it can do 

Second

Go to CMD and run the 

Sconfig


Choose option 5 

Third method 

Registry keys

n Windows Server 2016 there are no GUI options available to change the update behavior.
In this blog I was outline the different ways to change the Windows Server 2016 Update settings.

Windows Server 2016 Update settings

Windows always looks at registry keys located in the following hive:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

Typically there is a key named ‘AUOptions’ with a value in the range 2-5, and have the following meaning:

– 2 = Notify before download.
– 3 = Automatically download and notify of installation.
– 4 = Automatically download and schedule installation. Only valid if values exist for ScheduledInstallDay and ScheduledInstallTime.
– 5 = Automatic Updates is required and users can configure it.

But if there is a ‘NoAutoUpdate’ key with the value of ‘1’, no updates will be processed by Windows.


PowerShell

You can change the registry key with the help of Powershell directly:

Set-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -Name AUOptions -Value 3

 

Windows Server 2016 Update settings