« Microsoft Online Services SLA | Main | Microsoft Voices of Launch »

02/04/2010

Setting SendAs of Send on Behalf Of Permissions in Exchange Online / BPOS

Until recently a Service Requested needed to be sent in to grant users SendAs of SendOnBehalfOf permissions to another users mailbox. With the availability of the new Migration Tools and Microsoft Online Services administrators are now able to grant these permissions themselves through PowerShell.

  • GrantFullAccess: Grant full permissions of one Exchange Online user to the mailbox of another Exchange Online user.
  • GrantSendAs: This allows an Exchange Online user to send mails As another user.
  • GrantSendOnBehalfOf: An Exchange Online User is now able to send mails on behalf of another user.

The command used in PowerShell to grant other users access to a mailbox is Add-MSOnlineMailPermission.

So in order to grant user1@msonline.com Send As permissions on the mailbox of user2@msonline.com the following command would be used: 

PS> Add-MSOnlineMailPermission Identity user1@msonline.com -TrustedUser user2@msonline.com–GrantSendAs True

The full string for this command is: 

Add-MSOnlineMailPermission [-GrantSendAs] [-Identity] <String> [-Credential <PSCredential>] -TrustedUser <string> [-GrantFullAccess]

Or 

Add-MSOnlineMailPermission [-GrantSendOnBehalfOf] [-Identity] <String> [-Credential <PSCredential>] -TrustedUser <string> [-GrantFullAccess]

Next to setting the user permissions the user permission can also be deleted. For this the command Remove-MSOnlineMailPermission is used.

The full string for this command is:

Remove-MSOnlineMailPermission [-RemoveSendAs] [-Identity] <String> [-Credential <PSCredential>] [-RemoveSendAs] [-RemoveFullAccess] -TrustedUser <string>

Or 

Remove-MSOnlineMailPermission [-RemoveSendOnBehalfOf] [-Identity] <String> [-Credential <PSCredential>] [-RemoveSendAs] [-RemoveFullAccess] -TrustedUser <string>


Posted by Danny Burlage at 03:42:20 PM in Exchange Online, Support

Bookmarks: Google Bookmarks Delicious Technorati Technorati LinkedIN LinkedIN MSN Reporter NuJIJ Facebook diigo it

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a010534dbe74a970c0120a85fa40b970b

Feed Comments

The problem is that the SendAs switch is broken for a lot of users, due to occassional mismatches between a user's CN and their SMTP alias. If this happens and you're POSITIVE you're typing in the command correctly (not a forgone conclusion here, believe me), you will still need to call BPOS to have the permissions granted.

Posted by: Scharmers | 02/05/2010 at 03:08 AM

Hi Danny, thanks for the article. In your example for Add-MSOnlineMailPermission you are missing the hyphen on Identity. It's a really simple thing but it took me a few minutes to find it! :)

Posted by: Richard Thornton | 02/15/2010 at 01:57 AM

THANK YOU!!! for mention the missing hyphen, the MS documentation is missing this as well and I've been fighting with this for an hour now.

Posted by: Jørgen Staun | 02/16/2010 at 02:56 PM

Post a comment.