Grant online user delegation to on-premises account

Karim Zaki

Grant online user delegation to on-premises
account

Summary: Learn how to assign permissions for mailboxes and groups in Exchange 2016 so other users can open the mailbox, send mail from the mailbox, or send mail from the group.

https://docs.microsoft.com/en-us/exchange/recipients/mailbox-permissions

The scenario that online exchange users in the hybrid environment were unable to have permission on the on-premises mailboxes such as (shared mailboxes, public folders, and users mailboxes).Therefore, there was a workaround

Now this is solved it can do not using the following

We will use two different commands

Full Access and Send As

Full Access: Allows the delegate to open the mailbox, and view, add and remove the contents of the mailbox. Does not allow the delegate to send messages from the mailbox.

as you can see below Full access only can be done using the ECP

press the + and the delegation for a user on the cloud

fullaccess

Automapping is by default

Also, allow the automapping

Use the Add-MailboxPermission cmdlet in the Exchange Management Shell to assign the Full Access permission with the -AutoMapping $false

PowerShell used

Send As

Allows the delegate to send messages as if they came directly from the mailbox or group. There is no indication that the message was sent by the delegate.
Does not allow the delegate to read the contents of the mailbox. However, this is done by full access

Add-MailboxPermission

Note: this cmdlet is available only in on-premises Exchange.

Let’s start

PowerShell for full access if you wan

First, give the full access this is very easy and so straightforward

Add-MailboxPermission -Identity CIC@Domain.com -User ADMIN -AccessRights FullAccess -AutoMapping $true

This gives the user ADMIN full permission on the CIC user also it auto maps the mailbox to his outlook

Second, we will give the send as

First, we need to get the identity using the following command

The Identity parameter requires you to use the Name or DistinguishedName (DN) value of the mailbox or group.

From <https://docs.microsoft.com/en-us/exchange/recipients/mailbox-permissions>

First

Get-Recipient -Identity CIC | Format-List Name,DistinguishedName

Now use the output of the name

Add-ADPermission -Identity “Internal Communication” -User admin -ExtendedRights “send As”

This gives the ADMIN send as permission on the CIC

Now he can read and send from this mailbox

You can run the following command to make sure

Get-MailboxPermission CIC| select identity, user, accessrights | FT

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.