Share via

Cannot create Mailboxes under Management Scope

Ytse Jam 0 Reputation points
2023-11-22T02:55:47.74+00:00

Hi Microsoft Support

I want to our Country Office Local IT officers to be able to manage their own mailboxes that under their Country.

In this example is USA, I have created a new Management Scope using powershell as below

New-ManagementScope "ID-AU-Scope" -RecipientRestrictionFilter {(RecipientType -eq 'UserMailbox' -and CustomAttribute2 -eq 'USA') -or (recipientType -eq 'MailUniversalDistributionGroup' -and CustomAttribute2 -eq 'USA') -or (recipientType -eq 'MailUniversalSecurityGroup' -and CustomAttribute2 -eq 'USA')}

So basically, i am filtering all mailboxes that have extensionattribute of USA and for Permissions, i have selected the below Distribution List Mail Recepient Creation Mail Receptients Security Group Creation and Membership Public Folders

The issue i'm encountering right now is that Country Office local IT cannot create both recipient mailbox and group mailboxes.

Adding/removing member of DL is working

Granting Full Access and Send As Permission on Shared mailboxes is working

Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
4,354 questions
Microsoft Exchange Online
Windows 365 Enterprise
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,500 questions
Microsoft Exchange Hybrid Management
Microsoft Exchange Hybrid Management
Microsoft Exchange: Microsoft messaging and collaboration software.Hybrid Management: Organizing, handling, directing or controlling hybrid deployments.
1,998 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Kael Yao-MSFT 37,676 Reputation points Microsoft Vendor
    2023-11-22T06:08:48.75+00:00

    Hi @Ytse Jam,

    From your post you are using CustomAttribute2 -eq USA as an condition of RecipientRestrictionFilter.

    While when the admin creates a new recipient mailbox or group mailbox, the attribute CustomAttribute2 of the mailbox won't have the value set as USA so the admin does not have the permission to create this mailbox.

    The admin, however, should still be able to manage existing mailboxes which have the CustomAttribute2 set as USA.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.