In this blog, I will review a simple GUI utility based on PowerShell, which simplifies the way to add, check and remove Send As / Send On Behalf / Full Access permissions n user’s mailboxes in Exchange On-Premises / Exchange Online (EXO) environments.
Mailbox permissions review
There are many cases where Exchange Admins or Help Desk managers asked to grant, remove or check mailboxes permissions as part of the organization’s needs.
There are 2 ways to handle mailbox permissions management:
- Using PowerShell:
This option might be short, but unnecessary a simple one.
In addition, not all people are well familiar with the syntax and the exact commands to manage mailbox permissions.
- Using EAC (Exchange Admin Center):
This option is the simplest way to manage mailbox permissions, but might take too long since we should navigate to the relevant mailbox and check each time the current permissions.
More information about managing permissions in Exchange On-Premises can be found at the next link:
Manage permissions for recipients | Microsoft Docs
For more information about managing mailbox permissions in Exchange Online, please review the next link:
Manage permissions for recipients in Exchange Online | Microsoft Docs
- You should first connect via PowerShell to Exchange Online (EXO) or start the Exchange Management Shell (EMS).
In case you run the script from Windows PowerShell and you didn’t connect to Exchange and EXO, you will get the next error:
In addition, when the utility will open up, the Exchange Permissions AND the EXO Permissions text will appear in RED color:
- In case you are connected to al least one of the systems (Exchange / EXO), the system you are connected to will be marked with GREEN color:
Do not confuse between Exchange & Exchange Online tabs when running the adding / checking / removing permissions!
General caveats about the script
- Since the script is using the Out-GridView cmd which requires a user interface, the script will NOT be able to output the mailbox’s permissions checks in Windows Core Server:
Out-GridView (Microsoft.PowerShell.Utility) — PowerShell | Microsoft Docs
- The Calendar permissions options based on the Folder names of the user’s mailbox.
Means that in case the user’s mailbox folders are in a different languages rather than English, the script will not be able to get and set the needed permissions on the user’s calendar.
- The script load the list of all mailboxes in the organization, to allow faster way searching the relevant mailboxes.
It takes about ~20 seconds to load around 30,000 mailboxes list.
The utility will be opened only after the script finished loading the whole mailboxes list.
Of course the time might be changed according to the environment size, connectivity to the service and the machine’s load.
Running the script
- To run the script, just open the Exchange Management Shell (EMS) or Windows PowerShell and connect Exchange server / Exchange Online and run the script.
- The default tab which opens first is the Exchange’s tab.
So in case you would like to manage Exchange Online permissions, verify to select the second tab Exchange Online accordingly:
- In case you would like to manage EXO services, select the second tab -
- At the Grant To / Remove list box, select the recipient you would like to add or remove permissions for, by start typing the alias of the chosen mailbox.
A list with a similar mailboxes alias’s will be presented at the list box: as the next example:
- At the On / From Mailbox list box, select the recipient you would like to get or set permissions for, by start typing the alias of the chosen mailbox.
A list with a similar mailboxes names will be presented at the list box: as the next example:
- After you selected the relevant mailbox, you can manage them according to your needs.
At the next example we will check if any mailbox has a Send AS permissions to Test5 mailbox:
- In case that no mailbox has a Send AS permissions to Test5 mailbox a dialog box will popup with a message claims that the user doesn’t has Send As Permissions.
In addition, the same message will be presented at the PowerShell console:
- In case any mailbox has a Send AS permissions to Test5 mailbox, a grid message will popup and list the mailboxes under the Identity field:
- In case you would like to add User 2Send On Behalf permission on Test5 mailbox, just click on the Add Send On Behalf Permissions button
- In case you would like to remove User2 Full Access permissions on JoniS’s mailbox, just click on the Remove Full Access Permissions button
(In our example we will manage the permissions in Exchange Online):
To manage Calendar permissions, select the relevant task.
- To add Calendar permission, select the permission that you would like to grant or change and click Add/Change Calendar Permissions:
- To check Calendar permissions, click on Check Calendar Permissions: