Managing Office 365 Exchange Online shared mailboxes can be done in the Office 365 Admin Center, but managing them in PowerShell is much quicker and gives additional options not available in the GUI. In this article, I’ll show you how to work with shared mailboxes in Office 365 with PowerShell.

Kyle Beckman

Kyle Beckman works as a systems administrator in Atlanta, GA supporting Office 365 in higher education. He has 17+ years of systems administration experience.

Managing mailboxes in Office 365 Exchange Online with PowerShell gives you access to more options, and in some cases, is faster than using the Office 365 Admin Center. To manage Exchange Online with PowerShell, you’ll first need to install the Microsoft Online Service Sign-in Assistant for IT Professionals and the Azure Active Directory Module for Windows PowerShell. (Please note: Both downloads are for 64-bit Windows; support for the 32-bit Azure Active Directory PowerShell module ended in October 2014.)

Connecting to Exchange Online ^

Before connecting to Office 365, you’ll need to update the Execution Policy on your management station to RemoteSigned. To do this, run a PowerShell session as Administrator, run the following, and answer Y when prompted:

Next, you’ll need to connect to Office 365 Exchange Online. I usually keep a copy of the three lines of PowerShell below in a standalone .ps1 file for quick access when I need to connect:

This script will prompt for your Office 365 administrator credentials, connect to Exchange Online, and make the Office 365 PowerShell cmdlets available to you.

Creating and configuring a shared mailbox ^

Now that you’re connected to Exchange Online, you can create your first shared mailbox with PowerShell. The bare minimum you’ll need is:

This is really just the bare bones and will get you a new shared mailbox that uses $shared_mailbox_name as the display name and email address. But where’s the fun in that? You’ll probably want something more like this:

In our last one-liner, we added some new parameters. First off is the DisplayName parameter; this sets the name that shows when someone sends from the shared mailbox. The Name field is a required parameter that uniquely identifies the account. The Alias parameter sets the Exchange alias and will set the email address using the default domain that you’ve configured in Office 365. The PrimarySmtpAddress parameter specifies the default address for the mailbox. If you don’t specify PrimarySmtpAddress, the New-Mailbox will use the Alias parameter to set primary SMTP.

Adding a user to the shared mailbox ^

Adding users to the shared mailbox is a two-step process. First, we’ll need to give the user access to the mailbox:

The Add-MailboxPermission cmdlet is responsible for giving users access to the shared mailbox. The Identity parameter accepts just about anything about the shared mailbox: alias, display name, SMTP address, etc. I typically use the primary SMTP address because that’s how most customers know the mailbox. The AccessRights parameter specifies what level of access the user needs; in almost all situations for a shared mailbox, you need FullAccess. The InheritanceType parameter set to All specifies that folders inherit the permissions. AutoMapping set to $true has Outlook automatically map the shared mailbox; setting it to $false prevents it from being mapped automatically. And finally, the User parameter is the end user you’re adding.

Next, we’ll need to give the end user permission to send as the account:

The Add-RecipientPermission cmdlet adds the user’s ability to send from the shared mailbox using its display name and primary SMTP instead of his or her own. The Identity parameter, like before, will take most input that can identify the mailbox. The AccessRights parameter sets the user’s permission and must be set to SendAs. Using Confirm set to $false ensures that your command runs without additional prompts. Finally, Trustee is the delegated user of the mailbox.

One other note—you can also use groups for granting access to shared mailboxes. Just be aware that groups don’t support automapping in Outlook.

Removing a user from a shared mailbox ^

Removing access simply changes the verb in the PowerShell cmdlets to Remove:

Viewing shared mailbox permissions ^

To view the permissions of a shared mailbox, you can use the Get-MailboxPermission and Get-RecipientPermission cmdlets. By default, both these cmdlets show all of the inherited permissions and NT AUTHORITY\SELF accounts. However, you can use Where-Object to strip out that information and only display the users in your Office 365 tenant:

Other shared mailbox tricks ^

There are a few other useful tricks with shared mailboxes. The first is hiding the mailbox from the GAL so other users in the organization can’t see it:

If you want to hide the calendar of the shared mailbox, you can remove the default permissions using this command:

Finishing up ^

Once you’re done, you’ll need to run one last PowerShell command to disconnect from your session:

Your session will eventually time out if you leave it idle. However, it’s always a best practice to disconnect when you’re done.

Win the monthly 4sysops member prize for IT pros


Related Posts

  1. Marcus 9 months ago


    How do I manage shared pool by security group in my AD?


  2. anand 3 months ago

    How do I make sure that when email sent from shared mailbox it shows the email in sent item of the shared folder and not in the person's sent folder.

    any powershell script to enable ?


Leave a reply

Your email address will not be published. Required fields are marked *



Please ask IT administration questions in the forum. Any other messages are welcome.

© 4sysops 2006 - 2017

Log in with your credentials


Forgot your details?

Create Account