With the migration of many BPOS accounts to Office 365 there have been some major changes to the back-end resulting in a different method connecting via PowerShell in order to use command line syntax.
To use the PowerShell command line syntax for Office 365 you first need to initiate a connection to the 365 servers:
Powershell using “Microsoft Online Services Module for Windows PowerShell”
You may experience the following error when running Powershell Commands:
“File cannot be loaded because the execution of scripts is disabled on this system”
You can run this command to remove the execution restriction.
Set-ExecutionPolicy Unrestricted |
Open Connection:
$LiveCred = Get-Credential |
Enter admin credentials for required domain:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $LiveCred -Authentication Basic -AllowRedirection |
Import-PSSession $Session |
Lock/Unlock User Account:
Set-MsolUser -UserPrincipalName user@example.com –blockcredential <strong>$false</strong> |
Set-MsolUser -UserPrincipalName user@example.com –blockcredential <strong>$true</strong> |
Configure Mail Forwarding:
Set-Mailbox -Identity user@example.com -ForwardingAddress admin@example.com -DeliverToMailboxAndForward $true |
Configure Send As permissions:
Add-RecipientPermission -Identity user@example.com -Trustee admin@example.com -AccessRights SendAs |
In this command line, “admin@example.com” represents the mailbox, contact, or distribution group that you want to grant rights to and is the user who you want to grant Send As rights.
To verify that the permissions are applied:
Get-RecipientPermission -Identity | Select Trustee, AccessControlType, AccessRights |
In the results, you should be able to confirm thathas Send As rights granted. These rights can be assigned to a user, mailbox or group Active Directory objects.
Grant full mailbox access, Grant a user full mailbox access to a user other than the mailbox owner:
Add-MailboxPermission -Identity user@example.com -User admin@example.com -AccessRights FullAccess -InheritanceType All |
In this command line, “user@example.com” represents the mailbox that you want to grant rights to and “admin@example.com” is the mailbox of the user who you want to grant Full Access rights.
I always get this messed up! the “user” is who’s account you want to access i.e. helpdesk@ support@ etc. The “admin” is the users account who needs the access i.e. dom@ user@ etc.
If an administrator wants to grant a user access to a room mailbox, the administrator may want to specify that user as the Owner:
Add-MailboxPermission -Identity -Owner |
Only users that have Exchange mailboxes can be granted access to other mailboxes. Users who do not have mailboxes receive a permissions error when they try to access the other mailboxes.
Remove Mailbox Access:
Remove-MailboxPermission user@example.com -User admin@example.com -AccessRights FullAccess -InheritanceType All |
To verify that the permissions are applied to the mailbox:
Get-MailboxPermission -Identity user@example.com | Select User, AccessRights, Deny |
In the results, you should be able to confirm that <Mailbox2> has Full Access rights granted.
Configure “Send on behalf” permissions, Grant a user the ability to send mail on behalf of another user:
Set-Mailbox -Identity user@example.com -GrantSendOnBehalfTo admin@example.com |
In this command line, user@example.com represents the mailbox that you want to grant permissions to and admin@example.com is the mailbox of the user who you want to grant access.
To verify that the “SendOnBehalf” permissions are applied:
Get-Mailbox -Identity admin@example.com | Select GrantSendOnBehalfTo |
Find out whether a password is set to never expire:
Get-MSOLUser -UserPrincipalName admin@example.com | Select PasswordNeverExpires |
Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpires |
Set a password to never expire (Individual)
Set-MsolUser -UserPrincipalName user@example.com -PasswordNeverExpires <strong>$true</strong> |
Set-MsolUser -UserPrincipalName user@example.com -PasswordNeverExpires <strong>$false</strong> |
Set a password expiry (All Users)
Get-MSOLUser | Set-MsolUser -PasswordNeverExpires <strong>$true</strong> |
Get-MSOLUser | Set-MsolUser -PasswordNeverExpires <strong>$false</strong> |
Powershell Commands
- http://help.outlook.com/en-us/140/dd575549.aspx
- http://technet.microsoft.com/en-us/library/dd351134.aspx (Mail Forwarding)
Useful URLs:
- Office 365 Portal: https://portal.microsoftonline.com/
- Office 365 Mail (direct): http://mail.office365.com
Links:
Created Shared mailboxes:
Note: This code needs some further work in order to actually create a shared mailbox, but it provides enough of the command line to google a guide.
Add-MailboxPermission "support@domain.com" -User supportMailbox_SG@domain.com -AccessRights FullAccess |