Tuesday, November 8, 2016

Office 365 -Managing Mailbox Permissions by using PowerShell

Most of us already managing the Exchange server on-premises, now its time to manage the mailboxes permission into Exchange Online, following are some useful Power Shell command:

Assign Mailbox Permission
Add-MailboxPermission -Identity "ABC" -User "Admin" -AccessRights FullAccess -InheritanceType All

Assign “Send As” Permissions for a Mailbox
Add-RecipientPermission "ABC" -AccessRights SendAs -Trustee "Admin"

Assign “Send As” Permissions for a ALL Mailbox’s (Bulk)
$MBXS = Get-Recipient -RecipientType UsermMilbox ForEach ($MBX in $MBXS) 

Add-RecipientPermission $MBX.name -AccessRights SendAs –Trustee "Admin@tech.com" -Confirm:$False 

Get-RecipientPermission | Where {($_.Trustee -ne 'nt authority\self') -and ($_.Trustee -ne 'Null sid')} }


Assign “Send As” Permissions for recipient for each member in a distribution group
$DL = Get-DistributionGroupMember  
Foreach ($item in $DL) 

Add-RecipientPermission $item.name -AccessRights SendAs
–Trustee "Admin" -Confirm:$False 
}


Assign “Send As” Permissions for each member in a distribution group for a specific recipient
$DL = Get-DistributionGroupMember  
Foreach ($item in $DL) 

Add-RecipientPermission "ABC" -AccessRights SendAs 
–Trustee $item.name -Confirm:$False 
}


Assign “Send on Behalf” Permissions for a Mailbox
Set-Mailbox "ABC"  -GrantSendOnBehalfTo  "Admin"


Assign “Full Access” permissions for all Mailboxes (Bulk)
Get-Mailbox -ResultSize unlimited -Filter {RecipientTypeDetails -eq 'UserMailbox'} | Add-MailboxPermission -User "admin" -AccessRights FullAccess -InheritanceType All


Assign “Full Access” permissions to Distribution Group 
$DL = Get-DistributionGroupMember "DL" | Select-Object -ExpandProperty Name 
ForEach ($Member in $DL ) 
{
Add-MailboxPermission -Identity "ABC"  -User $S -AccessRights FullAccess -InheritanceType All
}


Assign “Full Access” permissions for all Mailboxes and Disable AutoMap
Get-Mailbox -ResultSize unlimited -Filter {RecipientTypeDetails -eq 'UserMailbox'} | Add-Mailboxpermission -User "Admin" -AccessRights FullAccess -InheritanceType All –Automapping $False


Assign “Full Access” permissions for Specific User and Disable AutoMap
Add-MailboxPermission "ABC"  -User "Admin" -AccessRights FullAccess -InheritanceType All –AutoMapping $False


Get “Full Access” Permissions for a Mailbox
Get-MailboxPermission "ABC"


Get “Send As” permission for a Mailbox
Get-RecipientPermission "ABC"


Display “Send On Behalf” Permissions for Mailbox
Get-Mailbox "ABC"


View all “Send As permissions” from your organization
Get-RecipientPermission | where {($_.Trustee -ne 'nt authority\self') -and ($_.Trustee -ne 'Null sid')} | select Identity,Trustee,AccessRights


Display a list of recipient’s that have FULL ACCESS permission on other recipient’s
$a = Get-Mailbox $a |Get-MailboxPermission | Where { ($_.IsInherited -eq $False) -and -not ($_.User -like “NT AUTHORITY\SELF”) -and -not ($_.User -like '*Discovery Management*') } | Select Identity, user, AccessRights


Revoke “Full Access” Permissions
Remove-MailboxPermission  "ABC"  -User "Admin"  -AccessRights FullAccess


Revoke “Send As” Permissions
Remove-RecipientPermission "ABC"  -AccessRights SendAs -Trustee "Admin"

No comments:

Post a Comment