Grant online user delegation to on-premises
account
Summary: Learn how to assign permissions for mailboxes and groups in Exchange 2016 so other users can open the mailbox, send mail from the mailbox, or send mail from the group.
https://docs.microsoft.com/en-us/exchange/recipients/mailbox-permissions
The scenario that online exchange users in the hybrid environment were unable to have permission on the on-premises mailboxes such as (shared mailboxes, public folders, and users mailboxes).Therefore, there was a workaround
Now this is solved it can do not using the following
We will use two different commands
Full Access and Send As
Full Access: Allows the delegate to open the mailbox, and view, add and remove the contents of the mailbox. Does not allow the delegate to send messages from the mailbox.
as you can see below Full access only can be done using the ECP
press the + and the delegation for a user on the cloud
Automapping is by default
Also, allow the automapping
Use the Add-MailboxPermission cmdlet in the Exchange Management Shell to assign the Full Access permission with the -AutoMapping $false
PowerShell used
Send As
Allows the delegate to send messages as if they came directly from the mailbox or group. There is no indication that the message was sent by the delegate.
Does not allow the delegate to read the contents of the mailbox. However, this is done by full access
Add-MailboxPermission
Note: this cmdlet is available only in on-premises Exchange.
Let’s start
PowerShell for full access if you wan
First, give the full access this is very easy and so straightforward
Add-MailboxPermission -Identity CIC@Domain.com -User ADMIN -AccessRights FullAccess -AutoMapping $true
This gives the user ADMIN full permission on the CIC user also it auto maps the mailbox to his outlook
Second, we will give the send as
First, we need to get the identity using the following command
The Identity parameter requires you to use the Name or DistinguishedName (DN) value of the mailbox or group.
From <https://docs.microsoft.com/en-us/exchange/recipients/mailbox-permissions>
First
Get-Recipient -Identity CIC | Format-List Name,DistinguishedName
Now use the output of the name
Add-ADPermission -Identity “Internal Communication” -User admin -ExtendedRights “send As”
This gives the ADMIN send as permission on the CIC
Now he can read and send from this mailbox
You can run the following command to make sure
Get-MailboxPermission CIC| select identity, user, accessrights | FT
Leave a Reply