Share via

Migrate Mailbox Permissions to Office 365

  • Article

Mailbox permission are typically translated to O365 during properly batched hybrid MRS moves, however there are still many scenarios where permissions must be audited on-premises and re-applied after migration. One example may be when using 3rd party migration tools.

2/10/2017 - Script has been updated to include new features based on feedback.
Download package and documentation is available from Microsoft Script Center.

Export-MailboxPermissions.ps1 should be run from on-premises Exchange Management Shell (EMS) and will collect mailbox access, send as, send on behalf, and folder delegate permissions into separate CSV datasets. Retrieval of each permission type can be toggled "$true" or "$false" in the script depending on requirements.  Note that retrieving folder delegates can add considerable time to script processing.  Therefore, evaluating only common folders (Inbox, Calendar) is toggled "$true" by default.  Specifying a list of users (rather than running against the entire Org) can also be toggled "$true" or "$false", however PrimarySmtpAddress column must be present in the file. Since mailbox permissions in O365 can only be assigned using mail-enabled objects, script won’t export delegates which are not mail-enabled on-premises (e.g. security groups) and will write warnings to an error log file for review.  If groups are used to assign permissions, the option to expand memberships and apply explicit user access can also be toggled "$true".

Import-MailboxPermissions.ps1 should be run from O365 remote PowerShell after mailboxes have been provisioned/migrated and will re-apply permissions according to collected on-premises datasets. Import of each export file can be toggled "$true" or "$false" in the script and re-applied separately if needed.

Migrate-MailboxPermissions.zip

Comments

  • Anonymous
    June 11, 2015
    awesome
    thanks
  • Anonymous
    July 02, 2015
    Hello. I receive the following error when running the script. Can you please assist?

    Cannot bind argument to parameter 'User' because it is null.
    + CategoryInfo : InvalidData: (:) [Add-MailboxPermission], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Add-MailboxPermission
  • Anonymous
    October 20, 2015
    Hi, excellent script but it doesnt work when you run in EMS 2007. As many of the commandlets are not supported. Any suggestions?

    Thanks
  • Anonymous
    October 20, 2015
    The comment has been removed
  • Anonymous
    April 12, 2016
    Great, thanks for sharing this article, it describes how to migrate mailbox permission to office 365 through power-shell, I tested the third party migration tool fromhttp://www.lepide.com/exchangemigrator/ which assists to migrate mailbox permission, outlook rules profile, public folder permission to office 365 and perform migration between to any exchange server and allows Intra-forest exchange migration.