Grant online user delegation to on-premises account

Summary: Learn how to assign permissions for mailboxes and groups in Exchange 2016 so other users can open the mailbox, send mail from the mailbox, or send mail from the group.

https://docs.microsoft.com/en-us/exchange/recipients/mailbox-permissions

The scenario: Exchange Online users in the hybrid environment were unable to have permissions on on-premises mailboxes (shared mailboxes, public folders, and user mailboxes). Therefore, there was a workaround.

Now this is solved, and it can be done using the following.

We will use two different commands

Full Access and Send As

Full Access: Allows the delegate to open the mailbox, and view, add and remove the contents of the mailbox. Does not allow the delegate to send messages from the mailbox.

As you can see below, Full Access can only be done using the ECP.

Press the + and add the delegation for a user in the cloud.

Automapping is enabled by default.

This also allows the automapping.

To assign the Full Access permission without automapping, use the Add-MailboxPermission cmdlet in the Exchange Management Shell with -AutoMapping $false.

PowerShell used

Send As

Allows the delegate to send messages as if they came directly from the mailbox or group. There is no indication that the message was sent by the delegate.
Does not allow the delegate to read the contents of the mailbox; reading is what Full Access provides.

Add-MailboxPermission

Note: this cmdlet is available only in on-premises Exchange.

Let’s start

PowerShell for full access if you wan

First, give the Full Access permission. This is easy and straightforward.

Add-MailboxPermission -Identity CIC@Domain.com -User ADMIN -AccessRights FullAccess -AutoMapping $true

This gives the user ADMIN the Full Access permission on the CIC mailbox and also auto-maps the mailbox in his Outlook.

Second, we will give the Send As permission.

First, we need to get the identity using the following command

The Identity parameter requires you to use the Name or DistinguishedName (DN) value of the mailbox or group.

From <https://docs.microsoft.com/en-us/exchange/recipients/mailbox-permissions>

First

Get-Recipient -Identity CIC | Format-List Name,DistinguishedName

Now use the Name value from the output:

Add-ADPermission -Identity "Internal Communication" -User admin -ExtendedRights "Send As"

This gives ADMIN the Send As permission on the CIC mailbox.

Now he can read and send from this mailbox.

You can run the following command to make sure

Get-MailboxPermission CIC| select identity, user, accessrights | FT
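
Get-MailboxPermission lists Full Access only; Send As is an Active Directory extended right and is read with Get-ADPermission. The following is an added example, not from the original post, that reports both kinds of explicit grants for one mailbox. The function name Get-MailboxDelegation is hypothetical, and it assumes the on-premises Exchange Management Shell.

```powershell
# Added example, not from the original post. Run in the on-premises
# Exchange Management Shell. Get-MailboxDelegation is a hypothetical name.
function Get-MailboxDelegation {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Identity    # mailbox to check, e.g. CIC from this post
    )

    $mailbox = Get-Mailbox -Identity $Identity -ErrorAction Stop

    # Full Access is stored on the mailbox itself. Skip inherited entries and
    # the mailbox's own SELF entry so only explicit delegates remain.
    $fullAccess = Get-MailboxPermission -Identity $mailbox.Identity |
        Where-Object {
            ($_.AccessRights -like '*FullAccess*') -and
            (-not $_.IsInherited) -and
            ($_.User -notlike 'NT AUTHORITY\SELF')
        } |
        Select-Object @{n = 'Mailbox';  e = { $mailbox.Name }},
                      @{n = 'Delegate'; e = { $_.User.ToString() }},
                      @{n = 'Right';    e = { 'FullAccess' }},
                      Deny

    # Send As is an extended right on the mailbox's Active Directory object,
    # so it is read with Get-ADPermission against the DistinguishedName.
    $sendAs = Get-ADPermission -Identity $mailbox.DistinguishedName |
        Where-Object {
            ($_.ExtendedRights -like '*Send-As*') -and
            (-not $_.IsInherited) -and
            ($_.User -notlike 'NT AUTHORITY\SELF')
        } |
        Select-Object @{n = 'Mailbox';  e = { $mailbox.Name }},
                      @{n = 'Delegate'; e = { $_.User.ToString() }},
                      @{n = 'Right';    e = { 'SendAs' }},
                      Deny

    # Return both sets as one list, even when either one is empty.
    @($fullAccess) + @($sendAs)
}

Get-MailboxDelegation -Identity CIC | Format-Table -AutoSize
```

A delegate that appears here without a matching change request is worth reviewing, since Full Access and Send As together allow reading and sending as the mailbox.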

Why I could be marked as spam or phishing email?

Most probably because your message did not pass DMARC authentication.

Users in a hybrid deployment can’t access a shared mailbox that was created in Exchange Online [Resolved]


  • Date: 24/04/2018 10 minutes to read

    Applies to: Exchange Online, Exchange Server 2016, Enterprise Edition, Exchange Server 2016, Standard Edition, Exchange Server 2013 Enterprise Exchange

CAUSE

These issues can occur when the shared mailbox is created by using the Exchange Online management tools. In this situation, the on-premises Exchange environment has no object to reference for the shared mailbox. Therefore, all queries for that SMTP address fail.

shared mailbox Auto-mapping isn’t appearing for online users


This is a very well-known issue, or you could say not well known to most admins.

The issue is the automapping option.

This option


On-premises user isn’t receiving emails from online user


First, we must move the user to an unsynced OU.

Then log in to the server that has the Azure AD sync tool.

And open the Windows Azure Active Directory tool.

Now that we have moved the user to an unsynchronized OU and it is appearing in the “Deleted users” section, you have to forcefully delete the user so you won’t have to wait for 30 days:

Run the following command in the Azure PowerShell:

Start-ADSyncSyncCycle -PolicyType Delta

Then open PowerShell and connect to Exchange Online.

Use the following commands:

Import-Module MSOnline

$O365Cred = Get-Credential

$O365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection

Import-PSSession $O365Session

Connect-MsolService -Credential $O365Cred

Then run the following to get the object ID:

Get-MsolUser -ReturnDeletedUsers | FL -Property ObjectId,displayname

We must get the user's ObjectId and pass it to the following command:

Remove-MsolUser -ObjectId 080535c0-061a-4b0e-a6fe-48ed7fc9159d -RemoveFromRecycleBin -Force

Note: make sure you enter the correct ObjectId

After deleting the user, you will have to make sure his cloud mailbox is also deleted using one of the following cmdlets:

Get-Mailbox -Identity "username@domain.com" | Remove-Mailbox -PermanentlyDelete

Get-Mailbox -SoftDeletedMailbox "username@domain.com" | Remove-Mailbox -PermanentlyDelete

Now do another delta sync on the Azure AD sync server:

Start-ADSyncSyncCycle -PolicyType Delta

After the cloud user and cloud mailbox are completely removed from the tenant, move the user from your local AD back into the synchronized OU, do a Delta Sync and then wait for the user to appear again in the Office 365 cloud, under Active users. Do not assign a license to the user.

Now move him back to the synced OU.

And run the command:

Start-ADSyncSyncCycle -PolicyType Delta
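
The forced delete step above depends on entering the correct ObjectId by hand. The following is an added example, not from the original post, that looks the deleted user up by UPN and refuses to delete unless exactly one match is found. The function name Remove-DeletedMsolUserSafely is hypothetical, and it assumes Connect-MsolService has already been run and that the deleted user still shows its original UPN.

```powershell
# Added example, not from the original post. Assumes Connect-MsolService has
# already been run. Remove-DeletedMsolUserSafely is a hypothetical name.
function Remove-DeletedMsolUserSafely {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string]$UserPrincipalName    # e.g. username@domain.com
    )

    # Search only the "Deleted users" container and match the UPN exactly,
    # so an active account can never be selected by this function.
    $candidates = @(Get-MsolUser -ReturnDeletedUsers -All |
        Where-Object { $_.UserPrincipalName -eq $UserPrincipalName })

    # Zero matches means the soft delete has not synced yet; more than one
    # means the UPN is ambiguous. In both cases stop without deleting.
    if ($candidates.Count -ne 1) {
        throw ("Expected exactly one deleted user for '{0}', found {1}." -f
            $UserPrincipalName, $candidates.Count)
    }

    $user  = $candidates[0]
    $label = '{0} ({1})' -f $user.DisplayName, $user.ObjectId

    # -WhatIf shows the target without deleting; without it PowerShell
    # prompts for confirmation because ConfirmImpact is High.
    if ($PSCmdlet.ShouldProcess($label, 'Permanently delete from recycle bin')) {
        Remove-MsolUser -ObjectId $user.ObjectId -RemoveFromRecycleBin -Force
    }

    # Return the resolved object so the caller can log what was targeted.
    $user | Select-Object DisplayName, UserPrincipalName, ObjectId
}

# Dry run first: prints the DisplayName and ObjectId that would be removed.
Remove-DeletedMsolUserSafely -UserPrincipalName 'username@domain.com' -WhatIf
```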