Error received when applying permissions to remote shared mailbox: Write-ErrorMessage : Object reference not set to an instance of an object

Rob Banks 41 Reputation points
2022-11-26T01:46:04.297+00:00

I created a new shared mailbox via powershell a few days ago like we always do with the powershell command below and ran into a problem while trying to apply full access delegate permissions. Since we have a hybrid environment, I ran the first command from one of our on premise Exchange 2013 CU23 servers. Any suggestions?

  1. New-RemoteMailbox -Name "Mailbox Display Name" -Shared -UserPrincipalName <email address> -OnPremisesOrganizationalUnit "domain org unit"
  2. After waiting for the mailbox to appear in Exchange Online and our on premise Exchange Admin Console, I then added send on behalf rights to the mailbox for a mail enabled security group that I created prior to the mailbox.
  3. The reason I created the mailbox after the group is so the security group would have already replicated to Azure and be visible to Exchange Online.
  4. I then ran this command from the Exchange Online powershell to grant full access permissions to the mailbox for the mail enabled security group; this is how we always do it and it always works: Add-MailboxPermission -identity "Identity Removed" -user "Mailbox Access - Security Group Name" -AccessRights fullaccess

Unfortunately I keep getting an error whenever I try to grant full access permissions in both powershell and in the Exchange Online admin console. I'm logged in with an admin account that has permissions, and it doesnt matter which user mailbox or security group I try and grant full access permissions for this mailbox.

I've also tried removing the mailbox and recreating it after waiting a few hours for replication but its not working and tried different variations of the command as show below. Interesting that I'm able to apply send on behalf permissions using this command: Set-Mailbox -Identity <email address> -GrantSendOnBehalfTo "Mailbox security group"

PS C:\WINDOWS\System32> Add-MailboxPermission -identity "Mailbox Display Name" -user "Mailbox Security Group" -AccessRights fullaccess
Write-ErrorMessage : Object reference not set to an instance of an object.
At C:\Users\AppData\Local\Temp\tmpEXO_3vzilvmx.wti\tmpEXO_3vzilvmx.wti.psm1:1097 char:13

  • Write-ErrorMessage $ErrorObject
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • CategoryInfo : NotSpecified: (:) [Add-MailboxPermission], Exception
  • FullyQualifiedErrorId : [Server=BL0PR1701MB2465,RequestId=590fbd72-b57c-eeba-6410-1b44bd889143,TimeStamp=Sat, 26 Nov 2022 01:36:02 GMT],Write-ErrorMessage

PS C:\WINDOWS\System32> Add-MailboxPermission -identity <email address> -user "Mailbox Security Group" -AccessRights fullaccess
Write-ErrorMessage : Object reference not set to an instance of an object.
At C:\Users\AppData\Local\Temp\tmpEXO_3vzilvmx.wti\tmpEXO_3vzilvmx.wti.psm1:1097 char:13

  • Write-ErrorMessage $ErrorObject
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • CategoryInfo : NotSpecified: (:) [Add-MailboxPermission], Exception
  • FullyQualifiedErrorId : [Server=BL0PR1701MB2465,RequestId=a4b54f30-32b4-6007-1a4c-98eee22574fc,TimeStamp=Sat, 26 Nov 2022 01:36:45 GMT],Write-ErrorMessage
Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,373 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,492 questions
Microsoft Exchange Hybrid Management
Microsoft Exchange Hybrid Management
Microsoft Exchange: Microsoft messaging and collaboration software.Hybrid Management: Organizing, handling, directing or controlling hybrid deployments.
1,995 questions
0 comments No comments
{count} votes

Accepted answer
  1. Vasil Michev 100K Reputation points MVP
    2022-11-26T08:16:59.72+00:00

    There's an ongoing issue on Exchange side that might explain the behavior: https://admin.microsoft.com/#/servicehealth/:/alerts/EX471164

    Admins may be unable to assign delegates full access permissions to newly created shared mailboxes in Exchange Online.
    EX471164, Last updated: November 24, 2022 9:05 PM
    Estimated start time: November 24, 2022 1:53 PM

    November 24, 2022 9:04 PM
    Title: Admins may be unable to assign delegates full access permissions to newly created shared mailboxes in Exchange Online

    User Impact: Admins may be unable to assign delegates full access permissions to newly created shared mailboxes in Exchange Online.

    Current status: We've identified that a recent change intended to provide adda new identifier property to the existing code path resulted in the wrong value being provided, which caused impact. We've disabled this change which will resolve impact for any further shared mailboxes being provisioned. For existing shared mailboxes exhibiting impact, admins can run the following cmdlet to resolve impact: Remove-MailboxPermission <identity> -ResetDefault; while in parallel we're reviewing options for remediating impact to existing shared mailboxes to further assist.

    Scope of impact: Impact is specific to admins delegating full access permissions to newly created shared mailboxes to any user.

    Start time: Wednesday, November 23, 2022, 12:00 PM (10:00 AM UTC)

    Root cause: A recent change intended to add a new identifier property to the existing code path resulted in the wrong value being provided.

    Next update by: Monday, November 28, 2022, 1:30 PM (11:30 AM UTC)


1 additional answer

Sort by: Most helpful
  1. Joshua Bines 1 Reputation point
    2022-11-30T15:29:58.513+00:00

    Found some more mailboxes affected by this 'resolved' outage today! So... we were unknowing affected, that's sure one way of keeping your SLA at 99.99% I wonder whose bonuses are linked to that figure! sorry for the scepticism

    'We're working with affected organizations' My suggestion is check any shared mailboxes that were created during the outage period as clearly quite a number are still affected and it's not clear if further clean-up activities are taking place.

    Start time: Wednesday, November 23, 2022, 11:00 AM (10:00 AM UTC)

    End time: Thursday, November 24, 2022, 3:00 PM (2:00 PM UTC)

    265852-image.png

    0 comments No comments