Cloud Mailbox full Access permission for terminated On-Premises employee not sync with Azure AD
In Hybrid Environment.
I have one user which has been moved to cloud and he had full access permission on terminated mailbox (Disable account in AD). But after moving mailbox to cloud lost the access for terminated On-Premise mailbox which is not synced with Azure AD
1) How can we give full permission to cloud mailbox for the terminated mailbox which is not synchronized in Azure AD.
2.) I was trying to give full permission on terminated mailbox through Exchange On-Premise ECP but cloud mailbox not showing in search delegation ?
3) Is there anyway we can give cloud user full access for terminated mailbox which is not synced with Azure AD ?
I have one user which has been moved to cloud and he had full access permission on terminated mailbox (Disable account in AD). But after moving mailbox to cloud lost the access for terminated On-Premise mailbox which is not synced with Azure AD
1) How can we give full permission to cloud mailbox for the terminated mailbox which is not synchronized in Azure AD.
2.) I was trying to give full permission on terminated mailbox through Exchange On-Premise ECP but cloud mailbox not showing in search delegation ?
3) Is there anyway we can give cloud user full access for terminated mailbox which is not synced with Azure AD ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
When you said terminated mailbox, what it means?
Once you moved mailbox to cloud, how come your onprem user control it?
The onprem and cloud have different directories
If u could explain technically what you are trying to do, ur problem would get resolved
Once you moved mailbox to cloud, how come your onprem user control it?
The onprem and cloud have different directories
If u could explain technically what you are trying to do, ur problem would get resolved
ASKER
Okay,
Terminated mailbox -- employee get terminated and he has mainbox on premises not sync with Azure AD.
Manager (Mailbox) had full mailbox access when he was on-premises to the terminated mailbox which is on premises.
We moved the manager (mailbox) to cloud after that he lost the access of terminated employee on-premise mailbox.
In hybrid full mailbox access permission supported in cross premises
But in my scenario-- Manager mailbox move to cloud and his terminated employee (mailbox) is on-premises and interesting note here is terminated employee (who left the company) not sync with Azure AD.
So the question is -- how can we give again full mailbox access to cloud mailbox for the terminated employee.
Terminated mailbox -- employee get terminated and he has mainbox on premises not sync with Azure AD.
Manager (Mailbox) had full mailbox access when he was on-premises to the terminated mailbox which is on premises.
We moved the manager (mailbox) to cloud after that he lost the access of terminated employee on-premise mailbox.
In hybrid full mailbox access permission supported in cross premises
But in my scenario-- Manager mailbox move to cloud and his terminated employee (mailbox) is on-premises and interesting note here is terminated employee (who left the company) not sync with Azure AD.
So the question is -- how can we give again full mailbox access to cloud mailbox for the terminated employee.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
OK
Your manager lost access to terminated mailbox as soon as he got moved to Exchange online, this is expected behavior
Because these permissions are set on terminated mailbox by another onpremise user *mailbox* and in your case manager don't have mailbox onpremise, you have moved it to cloud and since OnPrem and cloud both directories are different, you cannot assign cloud mailbox full access permissions on onpremise mailbox.
In short, in order to grant someone full access on other mailbox, he also must have mailbox, then only scenario will work
https://technet.microsoft.com/en-us/library/jj919240(v=exchg.160).aspx
even if you use group to grant full control access permissions, group members should have mailbox
Your manager lost access to terminated mailbox as soon as he got moved to Exchange online, this is expected behavior
Because these permissions are set on terminated mailbox by another onpremise user *mailbox* and in your case manager don't have mailbox onpremise, you have moved it to cloud and since OnPrem and cloud both directories are different, you cannot assign cloud mailbox full access permissions on onpremise mailbox.
In short, in order to grant someone full access on other mailbox, he also must have mailbox, then only scenario will work
https://technet.microsoft.com/en-us/library/jj919240(v=exchg.160).aspx
even if you use group to grant full control access permissions, group members should have mailbox
ASKER
Thanks for the input,
Everything is according to MS best practice.
If terminated mailbox is not Sync with Azure AD,
Can we give full mailbox access to cloud mailbox for mailbox on-premise not sync with Azure AD.
So manager mailbox in the cloud can respond to terminated employee (mailbox) on-premise?
Everything is according to MS best practice.
If terminated mailbox is not Sync with Azure AD,
Can we give full mailbox access to cloud mailbox for mailbox on-premise not sync with Azure AD.
So manager mailbox in the cloud can respond to terminated employee (mailbox) on-premise?
well there still needs to be a sync of the user objects in place. sync the termed user object so that Azure AD will know about the object and it's email attributes.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ah @Mahesh got it. Thanks for that update. Good catch. I wasn't aware of that date. i thought it was already fully active.
Answer has been provided. Closing ticket.
ASKER
I didn't see anywhere document, please share if you come across with any reference?
Appreciate your input..