Share via

Cannot create Mailboxes under Management Scope

Ytse Jam 0 Reputation points
2023-11-22T02:55:47.74+00:00

Hi Microsoft Support

I want to our Country Office Local IT officers to be able to manage their own mailboxes that under their Country.

In this example is USA, I have created a new Management Scope using powershell as below

New-ManagementScope "ID-AU-Scope" -RecipientRestrictionFilter {(RecipientType -eq 'UserMailbox' -and CustomAttribute2 -eq 'USA') -or (recipientType -eq 'MailUniversalDistributionGroup' -and CustomAttribute2 -eq 'USA') -or (recipientType -eq 'MailUniversalSecurityGroup' -and CustomAttribute2 -eq 'USA')}

So basically, i am filtering all mailboxes that have extensionattribute of USA and for Permissions, i have selected the below Distribution List Mail Recepient Creation Mail Receptients Security Group Creation and Membership Public Folders

The issue i'm encountering right now is that Country Office local IT cannot create both recipient mailbox and group mailboxes.

Adding/removing member of DL is working

Granting Full Access and Send As Permission on Shared mailboxes is working

Exchange Online
Exchange Online

A cloud-based service included in Microsoft 365, delivering scalable messaging and collaboration features with simplified management and automatic updates.

Windows for business | Windows 365 Enterprise
Microsoft 365 and Office | Install, redeem, activate | For business | Windows
Exchange | Exchange Server | Management
Exchange | Exchange Server | Management

The administration and maintenance of Microsoft Exchange Server to ensure secure, reliable, and efficient email and collaboration services across an organization.

Exchange | Hybrid management
Exchange | Hybrid management

The administration of a hybrid deployment that connects on-premises Exchange Server with Exchange Online, enabling seamless integration and centralized control.

0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Kai Yao 37,791 Reputation points Moderator
    2023-11-22T06:08:48.75+00:00

    Hi @Ytse Jam,

    From your post you are using CustomAttribute2 -eq USA as an condition of RecipientRestrictionFilter.

    While when the admin creates a new recipient mailbox or group mailbox, the attribute CustomAttribute2 of the mailbox won't have the value set as USA so the admin does not have the permission to create this mailbox.

    The admin, however, should still be able to manage existing mailboxes which have the CustomAttribute2 set as USA.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.