Mailbox Permission Delegation – Full Access\ Send As\ Send on Behalf

You can use the EAC or the Power Shell to assign permissions to users or groups (called delegates). Also permissions can be assigned to user mailboxes, linked mailboxes, resource mailboxes, and shared mailboxes. You can also assign permissions to distribution groups, dynamic distribution groups, and mail-enabled security.

Full Access - This permission allows a delegate to open a user’s mailbox and access the contents of the mailbox.

Set permission Example:
Add-MailboxPermission -Identity "ThinkTelMonitor@domain.com" -User ricks -AccessRights FullAccess -InheritanceType all

Verify the permission:
Get-MailboxPermission –Identity “ThinkTelMonitor@domain.com”

Send As - This permission allows delegates to use the mailbox to send messages. After this permission is assigned to a delegate, any message that the delegate sends from the mailbox will appear to have been sent by the mailbox owner.

Set permission Example:
Add-ADPermission -Identity ThinkTelMonitor@domain.com -User Ricks -ExtendedRights "Send As"

Verify the permission:
Get-RecipientPermission -Identity ThinkTelMonitor@domain.com -Trustee ricks

Remove permission:
Remove-ADPermission -Identity "ThinkTelMonitor@domain.com" -User ricks -ExtendedRights "Send As"

Send on Behalf - This permission also allows a delegate to use the mailbox to send messages. After this permission is assigned to a delegate, the Fromaddress in any message sent by the delegate indicates that the message was sent by the delegate on behalf of the mailbox owner.

Set permission Example:
Set-Mailbox -Identity ThinkTelMonitor@domain.com -GrantSendOnBehalfTo Rickc

Remove Permission:
Set-Mailbox "ThinkTelMonitor" -GrantSendOnBehalfTo@{remove="rickc@domain.com"}

Verify the permission:
Get-Mailbox -Identity ThinkTelMonitor@domain.com | FL GrantSendOnBehalfTo

Thanks
@Roshan

How to Create Exchange 2010 Shared Mailbox when in Hybrid

 

NOTE: The shared mailboxes in the cloud will not require an O365 license as of now. So it is worthwhile to utilize the feature whenever possible.

Step – 1 >> Create a User Mailbox

Login in to one of the on premise Exchange server and open EMC

Navigate to ‘New mailbox’ under ‘Recipient Configuration‘

Select ‘User Mailbox’

Click on ‘New User’ and fill the user information

Click on ‘Next’ and select the ‘Mailbox Database’

Select ‘Don’t create an archive’

Click ‘Next’ to continue and Click ‘New’ in the next screen

Click ‘Finish’ to create the mailbox

Power Shell Command – Makes much easier to create mailbox without many clicks, you’ll be prompted for the Password.
New-Mailbox -Name 'ThinkTel Monitor' -Alias 'ThinkTelMonitor' -UserPrincipalName 'ThinkTelMonitor@xxxxxx.com' -SamAccountName 'ThinkTelMonitor' -FirstName 'ThinkTel' -LastName 'Monitor' -Database 'Exchange2010NSL'

Step – 2 >> Start the DirSync

a. In Active Directory Sites and Services, force replication across all sites if you have multiple AD sites.
b. From the DirSync server, force online synchronization. From an elevated Command Prompt, run DirSyncConfigShell.psc1 (from C:\Program Files\Microsoft Online Directory Sync), then type Start-OnlineCoexistenceSync.
c. Verity the Changes has been sync to Cloud.
Step – 3 >> Move on premise mailbox to the cloud
Select the Mailbox and Click on ‘New Remote Move Request’

Click on ‘Next’ to continue the wizard

Provide Proxy Server FQDN of Source\Internal
Provide Exchange admin Credentials and click on ‘Next’

Provide Target Delivery Domain FQDN and Click Next

Click ‘Next‘

Provide Cloud credentials and click ‘OK’

Click ‘Finish’ to start the move process.

Power Shell Command – Makes much easier to create mailbox without many clicks, Open the PowerShell ISE or shell

1. Run Windows PowerShell as Admin
2. $Cred=Get-Credential (cloud admin)
3. $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic -AllowRedirection
4. Import-PSSession $Session
5. $RemoteCredential=Get-Credential (on-premises admin)
6. Run New-MoveRequest with the required switches (check the log for the failed move):

Examples:
New-MoveRequest -Identity ‘ThinkTellMonitor’ -Remote -RemoteHostName exchservice.xxxxxxxx.com -TargetDeliveryDomain service.xxxxxxx.com -RemoteCredential $RemoteCredential -BadItemLimit 5 -LargeItemLimit 5
7. When finished, disconnect the session by typing Remove-PSSession $Session
Click on Move Request under Cloud Connection and monitor the progress.

Step – 4 >> Log in to Office 365 Portal and navigate to Admin

a. Click on Exchange and open recipient’s window search for ‘Think………’ Mailbox
b. From the right hand side pane Click on Convert to Shared Mailbox

In the warning window click ‘Yes’ to continue

Click Close to complete.

Navigate to ‘Shared’ and now you should be able to see the new mailbox ‘Think………’

Thanks
@Roshan

Disable / Junk mail, read receipts, recoverable items and automatic processing O365

 

Disabling read receipts for Microsoft Office 365 mailbox
1. Log in into Microsoft Office 365 using the journal mailbox user account.
2. Go to Outlook tab.
3. Select Settings icon then click Options.
4. Expand the MAIL section and click on Read receipts
5. Select Never send a response
6. Click on SAVE to save changes

Disable Junk Mail Options

1. Log in into Microsoft Office 365 using the journal mailbox user account.
2. Go to Outlook tab.
3. Select Settings icon then click Options.
4. Expand the MAIL section and Expand the Accounts
5. Click on Block or Allow and Select “Don’t move email to my junk Email folder”
6. Click on SAVE to save changes

Disable Automatic Processing of Calendar Items

1. Log in into Microsoft Office 365 using the journal mailbox user account.
2. Go to Outlook tab.
3. Select Settings icon then click Options.
4. Expand the CALENDAR section and Click on Automatic processing
5. Un-tick  Delete invitation and responses ………… and Delete notifications about forwarded events
6. Click on SAVE to save changes

Disabling the Recoverable Items folder in Microsoft Office 365

You’ll need to open “Windows Azure Active Directory Module for Windows PowerShell” module
Run the following command:
1. $UserCredential = Get-Credential and key in the required credentials.
3. To start your remote session with Exchange Online, run the following command:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ –Credential $UserCredential -Authentication Basic -AllowRedirection
4. Run the following command: Import-PSSession $Session
5. To disable the Recoverable Items folder functionality, run the following command: Set-Mailbox –Identity journal –SingleItemRecoveryEnabled $False –RetainDeletedItemsFor 0
6. To disconnect your session, run the following command: Remove-PSSession $Session

-Thanks
@ Roshan

Filter Objects in Directory Sync with Cloud

Steps to Migration On-premise DLs to Cloud

Problem statement: You have all your DLs in the on premise all users in the cloud. DLs owners in the cloud could not manage the members. (Add or remove)

Solution: Migrate DLs to the cloud while assuring minimum impact to the mail delivery.

Step – 1 >> Export all on premise DLs using a script to .CSV file
Export the list of on premise DLs to .CSV file with (DL name, email address, owners, members etc.) You can use a PS script for that. Or if you have few users you can do it manually as well.

Download Script: https://gallery.technet.microsoft.com/office/Export-all-distribution-707c27eb

Step – 2 >> Create a new DL on premise
Create a new OU in on premise AD "Cloud DL" which I created or you could use an existing one.

Step - 3 >> Move DLs
Move all DLs to the OU which you need to migrate to the cloud (Example: Cloud OU)

Step – 4 >> Open Synchronization Service Manger
Log on to Dir-Sync Server and open miisclient.exe (Synchronization Service Manger) from the "C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell"

Click on Management Agents >> Double click on Active Directory Connector >> Click on Configure Directory Partitions

(Make sure the correct Domain is selected at top) >> Click on Containers

>> Provide domain admin username and PWD >> Click OK

>> Uncheck the Filtered OU Example “Cloud DL” >> Click OK >> OK

Step – 5 >> Run full Sync
Right click >> Active Directory Connector >> Run >> Full Import Full Sync >> OK

Step – 6 >> Logon to Cloud admin page

You need to login to O365 admin portal and navigate to Admin >> Exchange. Click on “Groups” search for DLs which was moved to Filtered OU in Step - 3

You should not see any DLs here, if you still see DLs sometimes this might take 30 minutes or so according to my experience and also will depend your AD site and links.

Step – 7 >> Create DLs on the cloud
Click on + select Distribution group >>

Type the Exact Name, Alias and email address as your on premise DL

Add the owner and members to it and click on SAVE.

Select the DL and click on Delivery Management and change senders option

To create DLs in the cloud you can use PowerShell script as well.

Step – 8 >> Remove the on premise DLs
Login to AD navigate to OU “Cloud DL” and delete DLs that you have already created in the cloud.

NOTE: If you do not delete the on premise DLs,
1) on premise users will be able to send mails to the DLs but which will make more difficult to manage basically 2 identical DLs will exists in your environment one in cloud and one in on premise
2) If you later move the DLs to any other Syncing OU in AD which will overwrite the Cloud DLs once Dir-Sync is synced.

-Thanks
@Roshan