none
How to use Powershell to set delegate for user mailbox in Exchange 2010 and Office 365 RRS feed

  • Question

  • Hello,

     

    Can you please tell me if I can set delegate for user mailbox in Exchange 2010 or Office 365 using Powershell?

    If I can, then how can I do that? (which Powershell commands for setting the delegate?)

     

    Many thanks, and have a good day!

    Friday, February 4, 2011 3:10 PM

Answers

  • Hi,

     

     

    If you wanted to add a delegate to possiblly a large number of users or you do this during mailbox provisioning. So the following script will use impersonation to access another users mailbox and add a delegate.

     

     

     

    $mbtoDelegate = "user@yourdomain.com"

    $delegatetoAdd = "delegate@youdomain.com"

     

     

    $dllpath = "C:\Program Files\Microsoft\Exchange\Web Services\1.0\Microsoft.Exchange.WebServices.dll"

    [void][Reflection.Assembly]::LoadFile($dllpath)

    $service = new-object Microsoft.Exchange.WebServices.Data.ExchangeService([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2007_SP1)

     

    $windowsIdentity = [System.Security.Principal.WindowsIdentity]::GetCurrent()

    $sidbind = "LDAP://<SID=" + $windowsIdentity.user.Value.ToString() + ">"

    $aceuser = [ADSI]$sidbind

     

    $service.AutodiscoverUrl($aceuser.mail.ToString())

    $service.ImpersonatedUserId = new-object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress, $mbtoDelegate);

     

    $mbMailbox = new-object Microsoft.Exchange.WebServices.Data.Mailbox($mbtoDelegate)

    $dgUser = new-object Microsoft.Exchange.WebServices.Data.DelegateUser($delegatetoAdd)

    $dgUser.ViewPrivateItems = $false

    $dgUser.ReceiveCopiesOfMeetingMessages = $false

    $dgUser.Permissions.CalendarFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::Editor

    $dgUser.Permissions.InboxFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::Reviewer

    $dgArray = new-object Microsoft.Exchange.WebServices.Data.DelegateUser[] 1

    $dgArray[0] = $dgUser

    $service.AddDelegates($mbMailbox, [Microsoft.Exchange.WebServices.Data.MeetingRequestsDeliveryScope]::DelegatesAndMe, $dgArray);

     

     

     

    Hope this helps.

    Monday, February 7, 2011 8:46 AM
    Moderator

All replies

  • A delegate is generally something that is setup from the client, and I do not believe that it is a specific option from the administrative point of view.  However, there are many switches available on the Set-Mailbox cmdlet that allows notifications to be sent out to another recipient.  You could combine that cmdlet with the Add-MailboxPermission cmdlet to grant access to the mailbox.  It would be important to map out exactly what you would like the delegated individual to do.


    fr3dd
    Friday, February 4, 2011 5:14 PM
  • Many thanks for your reply!

     

    I've tried that, but it just grands the permission to delegated individual, but didn't make him shown up in the delegate list of my mailbox. If you know how to make him shows up on the delegate list, please let me know. I really appreciate that.

     

    Thanks again!

    Friday, February 4, 2011 5:32 PM
  • I do not know if this will help, but I found a C# example that uses Exchange Web Services that might be converted to PowerShell:

    http://msdn.microsoft.com/en-us/library/bb856532(v=EXCHG.140).aspx

    HTH - fr3dd


    fr3dd
    Friday, February 4, 2011 6:01 PM
  • Many thanks!

    It requires to have local Exchange server on my machine :(.

    If you have any info to set delegate for the cloud mailbox, please let me know.

    Have a great day!

     

    Friday, February 4, 2011 8:12 PM
  • Hi,

     

     

    If you wanted to add a delegate to possiblly a large number of users or you do this during mailbox provisioning. So the following script will use impersonation to access another users mailbox and add a delegate.

     

     

     

    $mbtoDelegate = "user@yourdomain.com"

    $delegatetoAdd = "delegate@youdomain.com"

     

     

    $dllpath = "C:\Program Files\Microsoft\Exchange\Web Services\1.0\Microsoft.Exchange.WebServices.dll"

    [void][Reflection.Assembly]::LoadFile($dllpath)

    $service = new-object Microsoft.Exchange.WebServices.Data.ExchangeService([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2007_SP1)

     

    $windowsIdentity = [System.Security.Principal.WindowsIdentity]::GetCurrent()

    $sidbind = "LDAP://<SID=" + $windowsIdentity.user.Value.ToString() + ">"

    $aceuser = [ADSI]$sidbind

     

    $service.AutodiscoverUrl($aceuser.mail.ToString())

    $service.ImpersonatedUserId = new-object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress, $mbtoDelegate);

     

    $mbMailbox = new-object Microsoft.Exchange.WebServices.Data.Mailbox($mbtoDelegate)

    $dgUser = new-object Microsoft.Exchange.WebServices.Data.DelegateUser($delegatetoAdd)

    $dgUser.ViewPrivateItems = $false

    $dgUser.ReceiveCopiesOfMeetingMessages = $false

    $dgUser.Permissions.CalendarFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::Editor

    $dgUser.Permissions.InboxFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::Reviewer

    $dgArray = new-object Microsoft.Exchange.WebServices.Data.DelegateUser[] 1

    $dgArray[0] = $dgUser

    $service.AddDelegates($mbMailbox, [Microsoft.Exchange.WebServices.Data.MeetingRequestsDeliveryScope]::DelegatesAndMe, $dgArray);

     

     

     

    Hope this helps.

    Monday, February 7, 2011 8:46 AM
    Moderator
  • Has anyone confirmed this is working not just for 365 but an onpremise system?  I am always leary when a thread gets marked as answered by a moderator and not the person asking the question and then no follow up users saying "it worked!"

    Does this make the Delegate appear in the delegates windows within Outlook 2010?

    Can anyone break down what all is happening in the script?  It does not appear to be "nice and simple" powershell commands.

    What about all of the other folders?  (ie. Tasks, Contacts, Journal, Notes)

     


    Find this post helpful? Does this post answer your question? Be sure to mark it appropriately to help others find answers to their searches.
    Thursday, February 2, 2012 1:28 PM
  • Has anyone confirmed this is working not just for 365 but an onpremise system?  I am always leary when a thread gets marked as answered by a moderator and not the person asking the question and then no follow up users saying "it worked!"

    Does this make the Delegate appear in the delegates windows within Outlook 2010?

    Can anyone break down what all is happening in the script?  It does not appear to be "nice and simple" powershell commands.

    What about all of the other folders?  (ie. Tasks, Contacts, Journal, Notes)

     


    Find this post helpful? Does this post answer your question? Be sure to mark it appropriately to help others find answers to their searches.

    Also curious about this.
    Monday, May 27, 2013 7:23 AM
  • This script is a list of variables. Where's the work?
    Thursday, March 13, 2014 1:13 PM
  • I had to make some modifications to get this to work on a non-EWS system or maybe it was just Exchange 2010. Either way since this is high up on the Google results hopefully people will get some use out of this despite the age of the thread. The key is to use the SID instead of the SMTP address. Here is the working code:

    Add-Type -Path "C:\Program Files\Microsoft\Exchange\Web Services\1.2\Microsoft.Exchange.WebServices.dll" ## Set Exchange Version $ExchangeVersion = [Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2010_SP2 $service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService($ExchangeVersion) $service.UseDefaultCredentials = $true $service.Url = "<exchange service URL>" $MailboxName = "<username@domain.com>" $delegatetoAdd = "<username@domain.com>"
    $delegateUN = "<username>"

    $service.ImpersonatedUserId = new-object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress, $MailboxName) $dgUser = new-object Microsoft.Exchange.WebServices.Data.DelegateUser("") $user = New-Object System.Security.Principal.NTAccount("<domain>", "$delegateUN") $sid = $user.Translate([System.Security.Principal.SecurityIdentifier]) $dgUser.UserId.SID = $sid.value $dgUser.ViewPrivateItems = $false $dgUser.ReceiveCopiesOfMeetingMessages = $false $dgUser.Permissions.CalendarFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::Editor $dgUser.Permissions.InboxFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::Reviewer $dgArray = new-object Microsoft.Exchange.WebServices.Data.DelegateUser[] 1 $dgArray[0] = $dgUser $service.AddDelegates($MailboxName,$delegates.MeetingRequestsDeliveryScope,$dgArray)


    You can have it autodiscover your URL for you, or just do like I did and run that once and then check out service.url to get the url.


    • Edited by Ardee83 Monday, June 30, 2014 7:10 PM
    Monday, June 30, 2014 7:03 PM
  • Add-MailboxFolderPermission -Identity “UserA” -User “UserB” -AccessRights Editor

    ^ This will give UserB editor delegate access to UserA's mailbox. You can also delegate other folders like UserA:\Calendar etc.
    Sunday, August 20, 2017 11:49 PM