Need to assign a user mailbox "full access" to all mailboxes in O365


I need to assign a user mailbox "full access" to all mailboxes in O365. Instead to do that can I just assign a builtin admin role which already has full access to all mailboxes?

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Vasil Michev (MVP)Commented:
No such role/method in Exchange Online. You will have to go over each mailbox and add the permissions. In addition, you will have to do this for every new mailbox.
Jose Gabriel Ortega CastroCEO Faru Bonon IT - EE Solution ExpertCommented:
the user you want to Add is called "sam2009" (this is the samAccountName)

Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking
Get-Mailbox -ResultSize Unlimited | Add-MailboxPermission -User $UserWithFullAccess -AccessRights FullAccess -InheritanceType All
#uncomment if required to clean up the session.
#Remove-PSSession $Session

Open in new window

Instead, Assign Application Impersonation Permission to that one mailbox.On above said methods, you need to add the mailbox permission when a new user join the company.. If you assign Application Impersonation rights, then user can impersonate all the mailboxes in the company including CEO..

New-ManagementRoleAssignment -Name:AI -Role:ApplicationImpersonation -User:"UserName"

Note: This will be used, when you want to perform anything on multiple mailboxes using single account.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

FOXActive Directory/Exchange EngineerCommented:
Connect to O365 with powershell

Get-Mailbox -Resultsize Unlimited | %{Add-MailboxPermission  $_.alias -User "emailaddressofusergettingfullaccess"  -AccessRights FullAccess -verbose}
SAM2009Author Commented:
If  Impersonation Permission can be used why don't just do that instead to run PowerShell cmd to add full access all the times.
Vasil Michev (MVP)Commented:
Impersonation only works with Exchange Web Services, so unless you want to perform any actions via EWS code, it will not be of much use.
SAM2009Author Commented:
Sorry could you explain or give an example?
Vasil Michev (MVP)Commented:
Example of what? As I mentioned above, impersonation is used with custom EWS-based applications/code. If you dont have such, it will not help you in your daily admin tasks, as there are no PowerShell cmdlets you can invoke or UI to use. Here's a quick introduction to what impersonation means in Exchange:

And here's an example of how to perform specific task with impersonation (code-based):
SAM2009Author Commented:
Just one more question. Is Impersonation can give full access to my service account to all mailboxes?


New-ManagementRoleAssignment -Name:AI -Role:ApplicationImpersonation -User:"UserName"

Is above cmd will give same full access as this cmd:

Get-Mailbox -Resultsize Unlimited | %{Add-MailboxPermission  $_.alias -User "emailaddressofusergettingfullaccess"  -AccessRights FullAccess -verbose}
Vasil Michev (MVP)Commented:
It's not exactly the same, but for most purposes you can indeed use EWS impersonation as a replacement for Full mailbox access.
SAM2009Author Commented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.