SAM2009
asked on
Need to assign a user mailbox "full access" to all mailboxes in O365
Hi,
I need to assign a user mailbox "full access" to all mailboxes in O365. Instead to do that can I just assign a builtin admin role which already has full access to all mailboxes?
Thanks
I need to assign a user mailbox "full access" to all mailboxes in O365. Instead to do that can I just assign a builtin admin role which already has full access to all mailboxes?
Thanks
No such role/method in Exchange Online. You will have to go over each mailbox and add the permissions. In addition, you will have to do this for every new mailbox.
the user you want to Add is called "sam2009" (this is the samAccountName)
$UserWithFullAccess="Sam2009"
Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking
Get-Mailbox -ResultSize Unlimited | Add-MailboxPermission -User $UserWithFullAccess -AccessRights FullAccess -InheritanceType All
#uncomment if required to clean up the session.
#Remove-PSSession $Session
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Connect to O365 with powershell
Get-Mailbox -Resultsize Unlimited | %{Add-MailboxPermission $_.alias -User "emailaddressofusergetting fullaccess " -AccessRights FullAccess -verbose}
Get-Mailbox -Resultsize Unlimited | %{Add-MailboxPermission $_.alias -User "emailaddressofusergetting
ASKER
If Impersonation Permission can be used why don't just do that instead to run PowerShell cmd to add full access all the times.
Impersonation only works with Exchange Web Services, so unless you want to perform any actions via EWS code, it will not be of much use.
ASKER
Sorry could you explain or give an example?
Example of what? As I mentioned above, impersonation is used with custom EWS-based applications/code. If you dont have such, it will not help you in your daily admin tasks, as there are no PowerShell cmdlets you can invoke or UI to use. Here's a quick introduction to what impersonation means in Exchange: https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/impersonation-and-ews-in-exchange
And here's an example of how to perform specific task with impersonation (code-based): https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-add-appointments-by-using-exchange-impersonation
And here's an example of how to perform specific task with impersonation (code-based): https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-add-appointments-by-using-exchange-impersonation
ASKER
Just one more question. Is Impersonation can give full access to my service account to all mailboxes?
Example:
New-ManagementRoleAssignme nt -Name:AI -Role:ApplicationImpersona tion -User:"UserName"
Is above cmd will give same full access as this cmd:
Get-Mailbox -Resultsize Unlimited | %{Add-MailboxPermission $_.alias -User "emailaddressofusergetting fullaccess " -AccessRights FullAccess -verbose}
Example:
New-ManagementRoleAssignme
Is above cmd will give same full access as this cmd:
Get-Mailbox -Resultsize Unlimited | %{Add-MailboxPermission $_.alias -User "emailaddressofusergetting
It's not exactly the same, but for most purposes you can indeed use EWS impersonation as a replacement for Full mailbox access.
ASKER
Thanks