Share via


GrantSendOnBehalfTo Permissions for Mailbox overwrites Existing permission.

Following Blogpost explains how to use Exchange management shell to add / remove values from multivalued property on an object. Multivalued property can Contain more than one value. for Example “GrantSendOnBehalfTo’ property on mailbox.

* How to configure Send on Behalf.

A. Using outlook Delegate tab.

B. Using Exchange management console

C. Using Exchange Management Console. -- This method is discussed below .

Modifying a Multivalued property is different . when you modify a property with new value, The stored value is overwritten.

 

Example : Assume that the mailbox ‘HelpDesk’ has two users listed in ‘GrantSendOnBehalf’ property on mailbox.

GrantSendOnBehalfto : John@contoso.com, Chris@contoso.com

A new user joined the company and needs send on Behalf access to ‘HelpDesk’ mailbox.

administrator run a following command

set-mailbox Helpdesk -GrantSendOnbehalfto <‘Kim@contoso.com’>

when you run get-mailbox ‘helpdesk ' | ft Name,grantsendonbehalfto , you will see following

GrantSendonBehalfto : Kim@contoso.com

This isn’t what we expected, we wanted to add another user to the existing permissions but instead existing list was overwritten.

when you modify a multivalued property, you must ensure that you append / remove the values accordingly , Without Overwriting the

Existing list.

 

The general syntax :

Add one or more values to a multivalued property : @{Add="<value1>", "<value2>", "<value3>"}

Remove one or more values from a multivalued property : @{Remove="<value1>", "<value2>", "<value3>"}

Here are some examples :

Ex1.

set-mailbox ‘HelpDesk’ –Grantsendonbehalfto @{add=”john@contoso.com”,  <“chris@contoso.com>”, <“kim@contoso.com>”

 image

 Ex2:

Get-Mailbox | Set-Mailbox -GrantSendOnBehalfTo "user1", "User2", "User3", "User4"

 Ex3:

get-mailbox Helpdesk | set-mailbox –grantsendonbehalfto ‘john@contoso.com’

$a = get-mailbox ‘Helpdesk’ | select-object grantsendonbehalfto
$b = get-mailbox ‘Kim’ | select-object grantsendonbehalfto

$a.grantsendonbehalfto += $b.grantsendonbehalfto[0]

get-mailbox HelpDesk |set-mailbox -grantsendonbehalfto $($a.grantsendonbehalfto)

 

Ex4: ( Bulk Addition on permissions)

Here is a simple requirement . you have a requirement to assign GrantsendonBehalfto permissions on all mailboxes with out overwriting existing Permissions.

1 - First Export all the existing permissions

get-mailbox -resultsize unlimited | select-object displayname,GrantSendOnBehalfto >> c:\sendonBehalfpermissions.csv

Here is an example : Eah user has Grantsendonbehalfto permissions assigned ,

get-Mailbox | Select-Object displaynane,grantsendonbehalfto | ft -a

DisplayNane GrantSendOnBehalfTo

Test 01 {Contoso.Com/RESEARCH/Test 04}

Test 02 {Contoso.Com/RESEARCH/Test 04.Contoso.Com/Users/Test 01}

Test 03 {Contoso.Com/RESEARCH/Test 04.Contoso.Com/Users/Test 01}

Test 04 {Contoso.Com/RESEARCH/Test 05.Contoso.Com/Users/Test 01}

Test 05 {Contoso.Com/RESEARCH/Test 06.Contoso.Com/Users/Test 01}

Test 06 {Contoso.Com/RESEARCH/Test 04.Contoso.Com/Users/Test 01}

 

2 - Assume there is a requirement to assign User account "Test.10" with GrantsendOnBehalfto permissions on all the mailboxes with out overwriting existing permissions

  I call all the mailboxes at once and run following followingcmdlet to append the permissions.  

 Get-Mailbox -resultsize unlimited | set-mailbox -GrantSendOnBehalfto @{Add="Test.10"}

once cmdlet is completed run following cmdlet to see if new user is appended to existing permissions,

get-Mailbox | Select-Object displaynane,grantsendonbehalfto | ft -a

DisplayNane GrantSendOnBehalfTo

Test 01 {Contoso.Com/RESEARCH/Test 10, Contoso.Com/RESEARCH/Test 04}

Test 02 {Contoso.COM/RESEARCH/Test 10, Contoso.Co/RESEARCH/Test 04, Contoso.Com/Users/Test 01} ----> user account has been added / appended to existing permissions.

Test 03 {Contoso.COM/RESEARCH/Test 10, Contoso.Com/RESEARCH/Test 04.Contoso.Com/Users/Test 01}        

Test 04 {Contoso.COM/RESEARCH/Test 10, Contoso.Com/RESEARCH/Test 05.Contoso.Com/Users/Test 01}

Test 05 {Contoso.COM/RESEARCH/Test 10,Contoso.Com/RESEARCH/Test 06.Contoso.Com/Users/Test 01}

Test 06 {Contoso.COM/RESEARCH/Test 10, Contoso.Com/RESEARCH/Test 04.Contoso.Com/Users/Test 01}

 

* P.S: Any views or opinions presented in this blogpost are solely those of the author and do not necessarily represent those of the company. Please do validate these cmdlets provided

here meets your requirement and do test them before using it on your production mailboxes.

  -Manju

Comments

  • Anonymous
    June 09, 2014
    Wow life savior

    I read in 3 places, that it wasn't possible to remove users using grantsendonbehalf.

    That worked like a charm.

    TY
  • Anonymous
    August 05, 2014
    The comment has been removed
  • Anonymous
    October 22, 2014
    Why does your get-mailbox [user] -GrantSendOnBehalfTo return the UPN and ours returns the Display Name? (The latter is quite a nuisance since it is not necessarily unique.)
  • Anonymous
    August 14, 2015
    this is really very very helpful article for me.
  • Anonymous
    October 25, 2015
    what would be the exch2007 equivalent of:
    set-mailbox -identity "MBOX" -grantsendonbehalfto @{add="alexanders","aprilt"}
    ??