This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 96%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Hi,
We are using the following command to connect to ExchangeOnline using Service Principal:
Connect-ExchangeOnline -AppId $Application.AppId -CertificateThumbprint $thumb -Organization "OrganizationName"
It connected with no errors.
The following command, however, gives this error message:
Add-MailboxPermission -Identity “usermailbox” -User “userthatneedsaccess” -AccessRights FullAccess -InheritanceType All
The term ‘Add-MailboxPermission’ is not recognized as the name of a cmdlet, function, script file, or operable program.
When connecting using a service account, the 'Add-MailboxPermission' command does not give this error.
We are trying to migrate to using Service Principals. Can someone please help us here?
Thanks in advance!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 35%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXQ%3C/text%3E%3C/svg%3E)
Hi, @Nisha
Just wanted to check if the answer shared below helped. If it helped, then would request you to please "Accept the answer" as it would be helpful to others in the community as well.
Did you assign an admin role to the service principal? Step 5 here: https://learn.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps#step-5-assign-microsoft-entra-roles-to-the-application
This is a mandatory step, you cannot skip it. If you do not want to assign a "wide" Entra ID role, you can use the Exchange RBAC model instead, read here: https://learn.microsoft.com/en-us/exchange/permissions-exo/application-rbac
Should we add the admin role on the Exchange Admin Center or on the Azure portal? I am just learning and I am sorry if I don't make sense.
That would depend on the exact permissions you plan to assign. If you are fine with assigning a role such as Exchange admin, you can do so directly in the Entra portal. If you want more granular assignment, you will need to use Exchange PowerShell. Both methods are detailed in the article above, give it a read.
That was it! Assigning the admin role was key. Thank you!
Hi, @Nisha
I couldn't agree more with Vasil Michev 's idea. You may need at least the appropriate permissions to use the above commands. You can read the article above first.
In addition, according to other users, Microsoft has applied some updates that may affect permissions. Removing and reapplying these permissions may resolve the issue. More information can be found Add-MailboxPermission : The term 'Add-MailboxPermission' is not recognized - Collaboration - Spiceworks Community
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".