- Managing shared mailboxes in Office 365 with PowerShell - Thu, May 5 2016
Managing mailboxes in Office 365 Exchange Online with PowerShell gives you access to more options, and in some cases, is faster than using the Office 365 Admin Center. To manage Exchange Online with PowerShell, you’ll first need to install the Microsoft Online Service Sign-in Assistant for IT Professionals and the Azure Active Directory Module for Windows PowerShell. (Please note: Both downloads are for 64-bit Windows; support for the 32-bit Azure Active Directory PowerShell module ended in October 2014.)
Connecting to Exchange Online
Before connecting to Office 365, you’ll need to update the Execution Policy on your management station to RemoteSigned. To do this, run a PowerShell session as Administrator, run the following, and answer Y when prompted:
Set-ExecutionPolicy RemoteSigned
Next, you’ll need to connect to Office 365 Exchange Online. I usually keep a copy of the three lines of PowerShell below in a standalone .ps1 file for quick access when I need to connect:
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
This script will prompt for your Office 365 administrator credentials, connect to Exchange Online, and make the Office 365 PowerShell cmdlets available to you.
Creating and configuring a shared mailbox
Now that you’re connected to Exchange Online, you can create your first shared mailbox with PowerShell. The bare minimum you’ll need is:
New-Mailbox -Shared -Name $shared_mailbox_name
This is really just the bare bones and will get you a new shared mailbox that uses $shared_mailbox_name as the display name and email address. But where’s the fun in that? You’ll probably want something more like this:
New-Mailbox -Shared -DisplayName $shared_mailbox_displayname -Name $shared_mailbox_name -Alias $shared_mailbox_alias -PrimarySmtpAddress $shared_mailbox_primarysmtp
In our last one-liner, we added some new parameters. First off is the DisplayName parameter; this sets the name that shows when someone sends from the shared mailbox. The Name field is a required parameter that uniquely identifies the account. The Alias parameter sets the Exchange alias and will set the email address using the default domain that you’ve configured in Office 365. The PrimarySmtpAddress parameter specifies the default address for the mailbox. If you don’t specify PrimarySmtpAddress, New-Mailbox will use the Alias parameter to set the primary SMTP address.
Adding a user to the shared mailbox
Adding users to the shared mailbox is a two-step process. First, we’ll need to give the user access to the mailbox:
Add-MailboxPermission -Identity $shared_mailbox_primarysmtp -AccessRights FullAccess -InheritanceType All -AutoMapping:$true -User $mailbox_user
The Add-MailboxPermission cmdlet is responsible for giving users access to the shared mailbox. The Identity parameter accepts just about any value that identifies the shared mailbox: alias, display name, SMTP address, etc. I typically use the primary SMTP address because that’s how most customers know the mailbox. The AccessRights parameter specifies what level of access the user needs; in almost all situations for a shared mailbox, you need FullAccess. The InheritanceType parameter set to All specifies that folders inherit the permissions. AutoMapping set to $true has Outlook automatically map the shared mailbox; setting it to $false prevents it from being mapped automatically. And finally, the User parameter is the end user you’re adding.
Next, we’ll need to give the end user permission to send as the account:
Add-RecipientPermission -Identity $shared_mailbox_primarysmtp -AccessRights SendAs -Confirm:$false -Trustee $mailbox_user
The Add-RecipientPermission cmdlet adds the user’s ability to send from the shared mailbox using its display name and primary SMTP instead of his or her own. The Identity parameter, like before, will take most input that can identify the mailbox. The AccessRights parameter sets the user’s permission and must be set to SendAs. Using Confirm set to $false ensures that your command runs without additional prompts. Finally, Trustee is the delegated user of the mailbox.
One other note—you can also use groups for granting access to shared mailboxes. Just be aware that groups don’t support automapping in Outlook.
Removing a user from a shared mailbox
Removing access simply changes the verb in the PowerShell cmdlets to Remove:
Remove-MailboxPermission -Identity $shared_mailbox_primarysmtp -AccessRights FullAccess -Confirm:$false -User $mailbox_user
Remove-RecipientPermission -Identity $shared_mailbox_primarysmtp -AccessRights SendAs -Confirm:$false -Trustee $mailbox_user
Viewing shared mailbox permissions
To view the permissions of a shared mailbox, you can use the Get-MailboxPermission and Get-RecipientPermission cmdlets. By default, both these cmdlets show all of the inherited permissions and NT AUTHORITY\SELF accounts. However, you can use Where-Object to strip out that information and only display the users in your Office 365 tenant:
Get-MailboxPermission -Identity $shared_mailbox_primarysmtp | Where-Object {($_.IsInherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF")}
Get-RecipientPermission -Identity $shared_mailbox_primarysmtp | Where-Object {($_.IsInherited -eq $false) -and -not ($_.Trustee -like "NT AUTHORITY\SELF")}
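The same two filters can be run across every shared mailbox to produce an access review. This is an added example, not part of the original article; it assumes the Exchange Online session from earlier is already imported, the CSV path is a placeholder, and the final comparison assumes both cmdlets render a given principal identically.

```powershell
# Added example: access review across every shared mailbox in the tenant.
# Assumes the session from "Connecting to Exchange Online" is imported.
$report = foreach ($mbx in Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited) {
    $smtp = $mbx.PrimarySmtpAddress.ToString()

    # Explicit mailbox rights (FullAccess and similar), same filter as above
    Get-MailboxPermission -Identity $smtp |
        Where-Object { ($_.IsInherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF") } |
        ForEach-Object {
            [pscustomobject]@{
                Mailbox   = $smtp
                Principal = $_.User.ToString()
                Rights    = ($_.AccessRights -join ',')
                Source    = 'MailboxPermission'
            }
        }

    # Explicit SendAs grants, same filter as above
    Get-RecipientPermission -Identity $smtp |
        Where-Object { ($_.IsInherited -eq $false) -and -not ($_.Trustee -like "NT AUTHORITY\SELF") } |
        ForEach-Object {
            [pscustomobject]@{
                Mailbox   = $smtp
                Principal = $_.Trustee.ToString()
                Rights    = ($_.AccessRights -join ',')
                Source    = 'RecipientPermission'
            }
        }
}

# Principals that appear in only one of the two lists for a mailbox:
# either a deliberate read-only/send-only delegate or a half-removed grant.
# Assumption: both cmdlets display the same principal the same way.
$oneSided = $report | Group-Object -Property Mailbox, Principal |
    Where-Object { @($_.Group.Source | Sort-Object -Unique).Count -lt 2 } |
    ForEach-Object { $_.Group }

# Full list for the record (placeholder path), one-sided grants on screen
$report   | Export-Csv -Path .\shared-mailbox-access.csv -NoTypeInformation
$oneSided | Format-Table Mailbox, Principal, Rights, Source -AutoSize
```

Groups granted access show up as a single principal here, so their membership needs a separate review.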
Other shared mailbox tricks
There are a few other useful tricks with shared mailboxes. The first is hiding the mailbox from the GAL so other users in the organization can’t see it:
Set-Mailbox -Identity $shared_mailbox_primarysmtp -HiddenFromAddressListsEnabled:$true
If you want to hide the calendar of the shared mailbox, you can remove the default permissions using this command:
Set-MailboxFolderPermission -Identity "testbox@atlts.org:\calendar" -User Default -AccessRights None
Finishing up
Once you’re done, you’ll need to run one last PowerShell command to disconnect from your session:
Remove-PSSession $Session
Your session will eventually time out if you leave it idle. However, it’s always a best practice to disconnect when you’re done.
Hello.
How do I manage shared pool by security group in my AD?
How do I make sure that when an email is sent from the shared mailbox, it shows the email in the sent items of the shared folder and not in the person’s sent folder?
Any PowerShell script to enable?
Edit shared folder’s sent email copies behavior:
https://community.spiceworks.com/topic/1452959-shared-mailbox-sent-mail-to-be-save-in-sent-items-of-shared-mailbox
Set-Mailbox -Identity $SharedMailbox -MessageCopyForSentAsEnabled $true
Set-Mailbox -Identity $SharedMailbox -MessageCopyForSendOnBehalfEnabled $true
How do we get user mailboxes to also be sent copies of any email sent to shared folder address?
Ah-ha!
https://social.technet.microsoft.com/Forums/ie/en-US/f8f60d18-09a6-4bc0-9f59-6ebaac30d366/forwarding-emails-from-a-shared-folder-inbox-to-the-main-inbox-folder?forum=exchangesvrclients
UGH, to change sent behavior is now different! Why does MS always have to fix what isn’t broken (and leave what is broken the same or worse?!)?
https://social.technet.microsoft.com/Forums/lync/en-US/d1106ae3-1684-43c1-a831-4b7ef2e0c347/where-is-setmailboxsentitemsconfiguration-getmailboxsentitemsconfiguration?forum=exchangesvradmin
Is there a way to set Read-Only permissions to Shared Mailbox? Specifically the calendar? We want to be able to restrict some users from being able to modify entries in Shared Mailbox Calendar. Is this possible?
Thanks.
MS
Command:
Source: https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/add-mailboxfolderpermission?view=exchange-ps
Is there a way to enable the “Share calendar” option for a shared mailbox via a PowerShell command? The “Share Calendar” option is greyed out for shared mailboxes in Outlook. Please help.
Thank you 4sysops for this resource and awesome theme for the site.
Thank you Kyle Beckman for the helpful post.
I find PS useful; for example, to get output copied to a file, the first thing to do is:
Start-Transcript
Use this to get a list of inboxes by name from Exchange.
get-mailbox | where {$_.litigationholdenabled -match "true"} | ft name,litigationholdenabled