Thursday, December 10, 2015

Mailbox Permission Delegation – Full Access\ Send As\ Send on Behalf

You can use the EAC or the Power Shell to assign permissions to users or groups (called delegates). Also permissions can be assigned to user mailboxes, linked mailboxes, resource mailboxes, and shared mailboxes. You can also assign permissions to distribution groups, dynamic distribution groups, and mail-enabled security.

Full Access - This permission allows a delegate to open a user’s mailbox and access the contents of the mailbox.

Set permission Example:
Add-MailboxPermission -Identity "ThinkTelMonitor@domain.com" -User ricks -AccessRights FullAccess -InheritanceType all

Verify the permission:
Get-MailboxPermission –Identity “ThinkTelMonitor@domain.com”

Send As - This permission allows delegates to use the mailbox to send messages. After this permission is assigned to a delegate, any message that the delegate sends from the mailbox will appear to have been sent by the mailbox owner.

Set permission Example:
Add-ADPermission -Identity ThinkTelMonitor@domain.com -User Ricks -ExtendedRights "Send As"

Verify the permission:
Get-RecipientPermission -Identity ThinkTelMonitor@domain.com -Trustee ricks

Remove permission:
Remove-ADPermission -Identity "ThinkTelMonitor@domain.com" -User ricks -ExtendedRights "Send As"

Send on Behalf - This permission also allows a delegate to use the mailbox to send messages. After this permission is assigned to a delegate, the Fromaddress in any message sent by the delegate indicates that the message was sent by the delegate on behalf of the mailbox owner.

Set permission Example:
Set-Mailbox -Identity ThinkTelMonitor@domain.com -GrantSendOnBehalfTo Rickc

Remove Permission:
Set-Mailbox "ThinkTelMonitor" -GrantSendOnBehalfTo@{remove="rickc@domain.com"}

Verify the permission:
Get-Mailbox -Identity ThinkTelMonitor@domain.com | FL GrantSendOnBehalfTo

Thanks
@Roshan

No comments: