Exchange PowerShell to manage SendAs permissions not working

Wharton, Chris 20 Reputation points
2024-02-23T13:43:32.8433333+00:00

I am trying to manage SendAs permissions on a shared mailbox using PowerShell.
The commands execute OK, but the results are not shown in the EAC or from a Get command, even when I wait until the next day. If I run Add-RecipientPermission once there are no errors, but re-running it gives an error that the appropriate access control is already present. If I then run Remove-RecipientPermission once it runs with no errors, but the second time I get the error that the ACE is not present. This looks like the add and remove are doing something, but the changes are not shown when I look in the EAC or run Get-EXORecipientPermission. Any help much appreciated.

Connect-ExchangeOnline
$SMB = "testshared@mydomain"
$UPN = "account@mydomain"
# Get permissions
Get-EXORecipientPermission -UserPrincipalName $SMB -ResultSize Unlimited | ? {$_.Trustee -Like "*@*"}
# Get-RecipientPermission $SMB -ResultSize Unlimited | ? {$_.Trustee -Like "*@*"}
# Set SendAs
Add-RecipientPermission -Identity $UPN -AccessRights SendAs -Trustee $SMB -Confirm:$false
# Remove SendAs
Remove-RecipientPermission -Identity $UPN -AccessRights SendAs -Trustee $SMB -Confirm:$false

Accepted answer
  1. Kael Yao 37,746 Reputation points Moderator
    2024-02-26T01:40:11.3366667+00:00

    Hi @Wharton, Chris

    From the script it seems you first assigned SendAs permission (by the Add-RecipientPermission line) to testshared@mydomain, then removed this SendAs permission (by the Remove-RecipientPermission line).

    Thus the final result is that nothing has changed in the SendAs permission on the mailbox.

    If you have assigned permission before running this script, you will get an error that the appropriate access control is already present.

    If you have no assigned permission before running this script, you will get the error that the ACE is not present.


    Besides, can you share more information about what you actually would like to achieve?

    For example, do you want to add a switch for you to choose from either adding or removing the SendAs permission?

    If yes, you can modify the script to be like:

    Connect-ExchangeOnline
    $SMB = "testshared@mydomain"
    $UPN = "account@mydomain"
    # Get permissions
    Get-EXORecipientPermission -UserPrincipalName $SMB -ResultSize Unlimited | Where-Object {$_.Trustee -Like "*@*"}
    # Prompt the user for their choice
    $choice = Read-Host "Please enter your choice: (1) Add SendAs permission (2) Remove SendAs permission"
    if ($choice -eq "1") {
        # Add SendAs permission
        Add-RecipientPermission -Identity $UPN -AccessRights SendAs -Trustee $SMB -Confirm:$false
        Write-Host "SendAs permission has been successfully added."
    } elseif ($choice -eq "2") {
        # Remove SendAs permission
        Remove-RecipientPermission -Identity $UPN -AccessRights SendAs -Trustee $SMB -Confirm:$false
        Write-Host "SendAs permission has been successfully removed."
    } else {
        Write-Host "Invalid input. Please enter 1 to add SendAs permission, or 2 to remove SendAs permission."
    }
    


    1 person found this answer helpful.
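
Added example, not part of the original thread: in `Add-RecipientPermission`, `-Identity` is the recipient whose address will be sent as and `-Trustee` is the account that receives the right, so an entry is listed only under the recipient passed as `-Identity`. The sketch below assumes an active `Connect-ExchangeOnline` session and the thread's placeholder addresses; `Get-SendAsEntry` and `Set-SendAs` are hypothetical helper names.

```powershell
# Added example (not from the thread). Assumes the ExchangeOnlineManagement module
# and an active Connect-ExchangeOnline session. Addresses are the thread's placeholders.
$SMB = "testshared@mydomain"   # shared mailbox that will be sent as
$UPN = "account@mydomain"      # delegate who should receive SendAs

function Get-SendAsEntry {
    # Hypothetical helper: returns Allow/SendAs entries where $Trustee may send as $Target.
    param([string]$Target, [string]$Trustee)
    Get-RecipientPermission -Identity $Target -Trustee $Trustee -ErrorAction SilentlyContinue |
        Where-Object { $_.AccessRights -contains 'SendAs' -and $_.AccessControlType -eq 'Allow' }
}

function Set-SendAs {
    # Hypothetical helper: idempotent add/remove, then a read-back of the end state.
    param(
        [string]$Target,
        [string]$Trustee,
        [ValidateSet('Add', 'Remove')][string]$Action
    )
    $present = [bool](Get-SendAsEntry -Target $Target -Trustee $Trustee)
    if ($Action -eq 'Add' -and -not $present) {
        Add-RecipientPermission -Identity $Target -Trustee $Trustee -AccessRights SendAs `
            -Confirm:$false -ErrorAction Stop | Out-Null
    } elseif ($Action -eq 'Remove' -and $present) {
        Remove-RecipientPermission -Identity $Target -Trustee $Trustee -AccessRights SendAs `
            -Confirm:$false -ErrorAction Stop
    }
    # Report what is actually on the target now, instead of assuming success.
    [pscustomobject]@{
        Target        = $Target
        Trustee       = $Trustee
        Action        = $Action
        SendAsPresent = [bool](Get-SendAsEntry -Target $Target -Trustee $Trustee)
    }
}

# Grant: the delegate may send as the shared mailbox.
Set-SendAs -Target $SMB -Trustee $UPN -Action Add

# Least-privilege check on the reverse direction: does the shared mailbox
# hold SendAs on the user's own mailbox?
if (Get-SendAsEntry -Target $UPN -Trustee $SMB) {
    Write-Warning "$SMB holds SendAs on $UPN; remove it if unintended:"
    Write-Warning "  Set-SendAs -Target $UPN -Trustee $SMB -Action Remove"
}
```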
