Granting send on behalf permissions to M365 users for on prem shared mailboxes (hybrid)

Rob Banks 41 Reputation points

Hi everyone,
I've got a hybrid environment with two DAG clusters in a cross-domain forest; one DAG consists of four Exchange 2013 CU23 servers and the other DAG consists of four Exchange 2016 servers.

All user mailboxes have been migrated to Exchange Online as of last year but a few shared mailboxes still reside on premise. We had migrated those earlier this year but the performance was terrible and we had no choice but to migrate them back on premise. Right now I'm trying to grant send on behalf permissions to my account so I can do some testing but am not having any success; here is what I've done:

  1. Created a shared mailbox on prem; this mailbox resides on the 2013 DAG
  2. Granted myself full access to the on premise shared mailbox via on prem Exchange powershell (confirmed I have full access now)
  3. Granted myself send on behalf rights via on premise powershell with this command: Set-Mailbox -Identity <onpremisemailbox@keyman .com> -GrantSendOnBehalfTo "user@keyman .com"
  4. Ran this command from Exchange Online powershell: Set-Mailuser -Identity <onpremisemailbox@keyman .com> -GrantSendOnBehalfTo "user@keyman .com"

I confirmed I have send on behalf rights in on premise powershell, but when I run Get-User <onpremisemailbox@keyman .com> | fl displayname, GrantSendOnBehalfTo on the mailbox display name is returned

Our hybrid environment is configured properly for the permissions to sync and so forth, we have done this many times for other on premise shared mailboxes that still remain but its been a while now so I'm not sure if I am missing something.


Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,481 questions
Microsoft Exchange Hybrid Management
Microsoft Exchange Hybrid Management
Microsoft Exchange: Microsoft messaging and collaboration software.Hybrid Management: Organizing, handling, directing or controlling hybrid deployments.
1,985 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,449 questions
0 comments No comments
{count} votes

Accepted answer
  1. Joy Zhang-MSFT 1,046 Reputation points

    Hi @Rob Banks ,

    As far as I know, the command Get-User returns no mail-related properties for mailboxes or mail users. I have done a test in my lab, the same result with you, the Get-User command only return display name for me. If you want to confirm if the send on behalf permission is assigned successfully, you could run below command to do it:

    Get-MailboxPermission -Identity -User "user"  

    In addition, to check if this permission is working well, you could send mails in outlook via send on behalf, once the mails send successfully, it indicates that send on behalf permission is configured well.

    If an Answer is helpful, please click "Accept Answer" and upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

1 additional answer

Sort by: Most helpful
  1. Rob Banks 41 Reputation points

    Looks like its working now. I did do one thing different last night; I removed send on behalf permissions from both on premise powershell and Exchange Online powershell, then went back and reapplied from Exchange Online powershell first and waited again for replication to occur and then reapplied from on premise Exchange powershell. Thanks for the assistance.