Grant Full Access rights to a mailbox in Office 365

Not all Office 365 customers have a hybrid scenario deployed in their environment. The hybrid server provides the ability to perform administrative tasks in Office 365 via the familiar EMC GUI (Exchange Management Console).

But tenant administrators who don’t have a Hybrid server (and thus no EMC) must rely on PowerShell to perform some basic administrative tasks. This can be confusing to someone not used to PowerShell or command-line-based administration.

One of the most frequently asked questions is:

“How do I give <user 1> access to <mailbox a>?”

The first step is making sure you have the prerequisites installed on your workstation.

Second, connect PowerShell to the service using your tenant credentials. I’ve previously posted a useful script to help simplify that process.

Next, run the following command:

Add-MailboxPermission -Identity <Mailbox A> -User <User 1> -AccessRights FullAccess -InheritanceType All

  • <Mailbox A> is the alias of the mailbox to which you want to grant someone access rights
  • <User 1> is the alias of the mailbox for the user to whom you want to grant these rights

Exchange supports AutoMapping within the Outlook and OWA clients. AutoMapping is enabled by default. Therefore, when User A has FullAccess rights to Mailbox B, Mailbox B will show up in User A’s Outlook client or OWA automatically, without having to manually add it to their profile as was once previously required.

If User A only has FullAccess rights to a couple of other mailboxes this is a great feature. However, since AutoMapping utilizes Outlook’s cached mode, this can become cumbersome for users who have FullAccess rights to many mailboxes (like administrators).

To prevent AutoMapping, you have two options:

  1. Tack on the
    –AutoMapping:$False
    parameter at the end of the
    Add-MailboxPermission
    commandlet to prevent Outlook from using the AutoMapping feature.
  2. Instead of granting FullAccess rights to an individual user, grant it to a new security group and add that user to the security group. AutoMapping is not supported when FullAccess is granted through security groups.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s