Unable to add remote mailbox to DL

Roger Roger 7,631 Reputation points
2021-07-21T13:37:52.887+00:00

Hi Experts

I am using an Exchange 2016 hybrid environment. I created an account in Active Directory and, using the New-RemoteMailbox -Shared syntax in Exchange 2016, I created a remote shared mailbox. I have an on-prem DL, and when I try to give permission to this shared mailbox under Delivery management (Only senders inside your org can send message to this group), I get the error below.

The operation on identity "OnpremDL" failed because its out of the current users write scope.
The action 'Set-DistributionGroup' 'AcceptMessageOnlyFromSendersOrMembers',cant be performed on the object "OnpremDL'" because the object is being synchronized from your onpremise organization. I am even unable to give permission for this shared mailbox from Exchange Online.

So I disabled the shared mailbox in Exchange on-prem and deleted the AD object. I have now created a new shared mailbox in Exchange on-prem with the same name, and I don't see an AD object created for this account.
From the Office 365 EAC, under the migration tab (Migrate to Exchange Online), I don't see the newly created shared mailbox so that I can migrate it to the cloud, but I am able to give delivery management permission to this shared mailbox for the DL. Experts, guide me.

Exchange Online

Exchange | Exchange Server | Management

Exchange | Hybrid management

Answer accepted by question author

Andy David - MVP 160.3K Reputation points MVP Volunteer Moderator
2021-07-21T14:51:35.527+00:00

If the DL is on-prem, then the permission needs to be added on-prem as well.
Give it the perms to send to that group on-prem using Exchange PowerShell:

Set-DistributionGroup "OnPremDL" -AcceptMessagesOnlyFrom @{Add="RemoteSharedMailbox"}

https://learn.microsoft.com/en-us/powershell/module/exchange/set-distributiongroup?view=exchange-ps


1 additional answer

  1. Joyce Shen - MSFT 16,706 Reputation points
    2021-07-22T05:15:08.41+00:00

    Hi @Roger Roger

    I agree with the suggestion above from Andy. Distribution groups that are created in Office 365 through directory synchronization must be managed in the on-premises environment. Distribution group owners must manage the group by using on-premises tools for Exchange Server such as the following:

    • Exchange Admin Center
    • Exchange Management Console
    • Exchange Management Shell

    Like the issue introduced here: Owners of an on-premises distribution group synced to O365 can't manage the distribution group in Exchange Online

    And the command to add the shared mailbox to the delivery permission can be seen here: Use the Exchange Management Shell to place message delivery restrictions

    This example adds the user named David Pelton to the list of users whose messages will be accepted by the mailbox of Robin Wood.

    Set-Mailbox -Identity "Robin Wood" -AcceptMessagesOnlyFrom @{add="David Pelton"}  
    

    If an Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
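
As an added example that is not part of either answer, the on-premises change both answers describe can be scripted with a check that the shared mailbox resolves to exactly one recipient before it is added. The group and mailbox names are the ones used in the thread and are assumptions about your environment.

```powershell
# Added example (not from the thread). Run in the on-premises Exchange Management Shell.
# Names are the ones used in the thread; replace them with your own.
$GroupName   = 'OnPremDL'
$MailboxName = 'RemoteSharedMailbox'

# The group is synchronized from on-premises, so the restriction is edited here.
$group = Get-DistributionGroup -Identity $GroupName -ErrorAction Stop

# The sender must resolve to exactly one on-premises recipient. A remote shared
# mailbox created with New-RemoteMailbox -Shared is returned by Get-RemoteMailbox.
$mbx = @(Get-RemoteMailbox -Identity $MailboxName -ErrorAction Stop)
if ($mbx.Count -ne 1) {
    throw "Expected one remote mailbox named '$MailboxName', found $($mbx.Count)."
}

# Add by distinguished name so an object recreated under the same name cannot be
# confused with another recipient. @{Add=...} keeps the entries already on the list.
Set-DistributionGroup -Identity $group.DistinguishedName `
    -AcceptMessagesOnlyFrom @{Add = $mbx[0].DistinguishedName}

# Read the group back and review every setting that controls who may send to it.
Get-DistributionGroup -Identity $group.DistinguishedName |
    Format-List Name, AcceptMessagesOnlyFrom, AcceptMessagesOnlyFromDLMembers,
                AcceptMessagesOnlyFromSendersOrMembers, RequireSenderAuthenticationEnabled
```

The change reaches Exchange Online only after the next directory synchronization cycle.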
