Mailbox Delegation
Only Cloud :
1. Remove-MailboxPermission -Identity "Yuuto Sasaki" -User "Pedro Pizarro" -AccessRights FullAccess -InheritanceType All
2. Get-MailboxPermission -Identity john@contoso.com | Format-List
3. Get-MailboxPermission -Identity john@contoso.com -User "Ayla"
4. Get-MailboxPermission -Identity Room222 -Owner
5. Add-MailboxPermission -Identity "Terry Adams" -User "Kevin Kelly" -AccessRights FullAccess -InheritanceType All
6. Add-MailboxPermission -Identity "Jeroen Cool" -User "Mark Steele" -AccessRights FullAccess -InheritanceType All -AutoMapping $false
7. Get-Mailbox -AutoMapping is not an option neither via PS nor via GUI
Auto-mapping doesn’t work as expected in an Office 365 hybrid environment - Microsoft Support
8. Get-RecipientPermission -Trustee "Kim Akers"
9. Get-RecipientPermission "Help Desk"
10. Set-Mailbox -Identity seanc@contoso.com -GrantSendOnBehalfTo hollyh
Get-RecipientPermission -Identity
For Hybrid:
Hybrid:
Documentations:
Permissions in Exchange hybrid deployments | Microsoft Learn
Overview of delegation in a Microsoft 365 hybrid environment - Exchange | Microsoft Learn
Configure Exchange to support delegated mailbox permissions in a hybrid deployment | Microsoft Learn
A remote mailbox created in AD DS is not ACLable - Exchange | Microsoft Learn
1) Enabling support for hybrid mailbox permissions in Azure Active Directory Connect
-> Upgrade AAD Connect: AAD Connect needs to be upgraded to at least version 1.1.553.0. You can download the latest version of AAD Connect from Microsoft Azure Active Directory Connect.
Attributes synchronized by Azure AD Connect - Microsoft Entra | Microsoft Learn
2)Configuring your on-premises Exchange servers to support hybrid mailbox permissions
-> Enable ACLable object synchronization at the organization level.
a) To enable ACLable object synchronization at the organization level, do the following.
Set-OrganizationConfig -ACLableSyncedObjectEnabled $True
b) Get-RemoteMailbox -ResultSize unlimited | ForEach {Get-AdUser -Identity $_.Guid -Properties msExchRecipientDisplayType | Format-Table DistinguishedName,msExchRecipientDisplayType -Auto}
-> Manually enable ACLs on each mailbox moved to Microsoft 365 or Office 365 before ACLable object synchronization was enabled at the organization level.
a) Open the Exchange Management Shell on an Exchange 2013 or Exchange 2016 server running the latest available CU, or the immediately previous CU.
b) To enable ACLs on a single mailbox, run the following command:
Get-AdUser <UserMailbox's Identity> | Set-AdObject -Replace @{msExchRecipientDisplayType=-1073741818}
c) To enable ACLs on all mailboxes moved to Microsoft 365 or Office 365, run the following command:
Get-RemoteMailbox -ResultSize unlimited | where {$_.RecipientTypeDetails -eq "RemoteUserMailbox"} | foreach {Get-AdUser -Identity $_.Guid | Set-ADObject -Replace @{msExchRecipientDisplayType=-1073741818}}
Send As Permission in Hybrid Setup
Add-ADPermission -Identity EXO1 -User ONPREM1 -AccessRights ExtendedRight -ExtendedRights "Send As"
Then run the corresponding command in Exchange Online PowerShell:
Add-RecipientPermission -Identity EXO1 -Trustee ONPREM1 -AccessRights SendAs