locked
Set Forwarding Address on a Shared Mailbox RRS feed

  • Question

  • I am going to use Powershell to set the forwarding address on a Shared Mailbox. I need to allow a user who does not have Full Access to this mailbox and is not an Administrator to do this. I think I need to use RBAC to achieve this but I am not too sure on the details. Is it possible to set the scope to a specific mailbox and permission? Can any one suggest what is required?


    Kevin Gallagher

    Monday, November 24, 2014 3:47 PM

Answers

  • Hi Kevin,

    In your case, you can use the New-ManagementScope cmdlet with the RecipientRestrictionFilter parameter to limit the scope to an individual user.

    For more information, please refer to the Recipient Filter Scopes part in the following article.

    Understanding Management Role Scopes

    http://technet.microsoft.com/en-us/library/dd335146(v=exchg.141).aspx#Recipient

    What's more, if you just need to grant one user the permission to set the forwarding address for a specified shared mailbox, you need to create a custom management role.

    Here is an article about custom management role using RBAC for your reference.

    Create a Custom Admin Role for Exchange using RBAC

    http://blogs.technet.com/b/nepapfe/archive/2014/02/05/create-a-custom-admin-role-for-exchange-using-rbac.aspx

    Hope this can be helpful.

    Best regards,


    Amy Wang
    TechNet Community Support

    • Proposed as answer by Amy.Wang Friday, December 5, 2014 1:37 AM
    • Marked as answer by Amy.Wang Friday, December 5, 2014 9:05 AM
    Tuesday, November 25, 2014 9:32 AM
  • Using your requirements, my suggestion that you use a distribution group for the forwarding address should work.  You may wish to leave a copy of the message in the original mailbox, if necessary.  You grant the rights with the following command:

    Set-Mailbox <mailbox alias> -DeliverToMailboxAndForward $true -ForwardingAddress <group alias>

    Once the rights are granted, you would give group manager access using:

    Set-DistributionGroup <group alias from above> -BypassSecurityGroupManagerCheck -ManagedBy <comma delimited list of manager aliases>

    Once this is configured, any of the managers would be able to update the group membership, removing or adding the on-call person as required.  Would that work for your situation?

    • Proposed as answer by Amy.Wang Friday, December 5, 2014 1:36 AM
    • Marked as answer by Amy.Wang Friday, December 5, 2014 9:05 AM
    Tuesday, November 25, 2014 1:58 PM

All replies

  • I don't think you can scope it down to an individual mailbox, either.  What is the reason for the severe limitations?  You could add a distribution group as the forwarding address and give the user(s) management rights on the DL membership.

    Monday, November 24, 2014 4:36 PM
  • Hi Kevin,

    In your case, you can use the New-ManagementScope cmdlet with the RecipientRestrictionFilter parameter to limit the scope to an individual user.

    For more information, please refer to the Recipient Filter Scopes part in the following article.

    Understanding Management Role Scopes

    http://technet.microsoft.com/en-us/library/dd335146(v=exchg.141).aspx#Recipient

    What's more, if you just need to grant one user the permission to set the forwarding address for a specified shared mailbox, you need to create a custom management role.

    Here is an article about custom management role using RBAC for your reference.

    Create a Custom Admin Role for Exchange using RBAC

    http://blogs.technet.com/b/nepapfe/archive/2014/02/05/create-a-custom-admin-role-for-exchange-using-rbac.aspx

    Hope this can be helpful.

    Best regards,


    Amy Wang
    TechNet Community Support

    • Proposed as answer by Amy.Wang Friday, December 5, 2014 1:37 AM
    • Marked as answer by Amy.Wang Friday, December 5, 2014 9:05 AM
    Tuesday, November 25, 2014 9:32 AM
  • The reason behind my question is thus. We have a shared mailbox that periodically needs to redirect mail to another mailbox. Normally the redirect begins from 17:00hrs until 09:00hrs. We manage this through a series of scheduled tasks. However over holiday periods times can vary depending upon help desk staff availability which means it can be a little erratic. As admins we are asked to manage configuring the scheduled tasks. I was hoping to give someone the rights to set the forwarding address on the shared mailbox so that they could manage the scheduled tasks themselves.

    Kevin Gallagher

    Tuesday, November 25, 2014 11:45 AM
  • Thanks to all who have replied. I may need to give a little more thought to the problem. I will go away and read the links supplied by Amy.

    Kevin Gallagher

    Tuesday, November 25, 2014 11:53 AM
  • Using your requirements, my suggestion that you use a distribution group for the forwarding address should work.  You may wish to leave a copy of the message in the original mailbox, if necessary.  You grant the rights with the following command:

    Set-Mailbox <mailbox alias> -DeliverToMailboxAndForward $true -ForwardingAddress <group alias>

    Once the rights are granted, you would give group manager access using:

    Set-DistributionGroup <group alias from above> -BypassSecurityGroupManagerCheck -ManagedBy <comma delimited list of manager aliases>

    Once this is configured, any of the managers would be able to update the group membership, removing or adding the on-call person as required.  Would that work for your situation?

    • Proposed as answer by Amy.Wang Friday, December 5, 2014 1:36 AM
    • Marked as answer by Amy.Wang Friday, December 5, 2014 9:05 AM
    Tuesday, November 25, 2014 1:58 PM