No apply button in option convert to shared mailbox in Exchange Admin Center o365

AM 41 Reputation points

Hello everyone !

I have a minor question about creating a new custom role for one of our IT groups. The assumption is that the above group should only have access to convert regular mailbox to shared mailbox and vice versa. Is it possible to grant only such permissions without extending them with other additional ones (or what would be a possible least privilage to set)?

When creating a custom role (New-ManagementRole), I gave it the parent role with "Reset password" and only left the cmdlets(Remove-ManagementRoleEntry):
get-mailbox, get-mailboxprefferedLocation, get-messagerecallresult, get-recipient, get-senderpermission, get-unifiedauditsetting, get-user, and the most important one that is responsible for converting set-mailbox.

Unfortunately, after logging in to the acc where this role was assigned, when trying to convert the mailbox, there is no Apply button (I attached the image). Would there be a way out of this situation?

Thanks for the help in advance.

Best regards to the Microsoft community


Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,498 questions
0 comments No comments
{count} votes

Accepted answer
  1. Kael Yao-MSFT 37,676 Reputation points Microsoft Vendor

    Hi @AM

    Based on my test, I also created a new role whose parent role is "Reset Password", and removed all the entries except the Set-Mailbox.
    When I access Exchange Admin Center with the account which is assigned this custom role, I cannot see the confirm button as well.

    I suppose the cause is that this account doesn't have sufficient permission.

    If you run this cmdlet via EXO powershell, you may see the parameters available are Identity and RoomMailboxPassword:
    which means the account with this role cannot use the parameter type with Set-Mailbox.
    (if using this account to connect to EXO powershell and run cmdlet Set-Mailbox -identity -type shared, you would get an error message: A parameter cannot be found that matches parameter name 'type'.)

    And since the parameter type doesn't exist in the parent role "Reset Password", it is not possible to add this parameter with the cmdlet Add-ManagementRoleEntry.

    To me you may need to create a new role and set "Mail Recipient" as the parent role.
    Remove the unnecessary entries from this role then only left the required ones (Set-ManagementRoleEntry "convert_to_share\Set-Mailbox" -Parameters "Identity","type").
    Then test with the account in EXO powershell and see if it can convert a mailbox to shared mailbox successfully.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

2 additional answers

Sort by: Most helpful
  1. AM 41 Reputation points

    Hello !

    Sorry for the late reply, but we had a so-called long weekend in our country and today we returned to work. We already tested the solution and I must confirm that it works perfectly.

    Thank you so much for fast help and assistnace.

    Kind regards

    0 comments No comments

  2. AM 41 Reputation points

    Hi again,

    one more question. If its possible to combine a roles from (old Exchange Admin Center) and or Azure AD like the upper role and the built one ? I'am asking about this becouse when I assigned this created one role (done in old Exchange Admin Center) its behaves desirable like we wanted (the permissions was only for converting). But when i gave the other built roles, it was several of it - listed on screenshot, the permissions just went crazy. My coleague didnt have permission even to manage users, groups, propably to most of gaved permissions. Portal started looping, refreshing. He even lost permission to enter old Exchange Admin Center. Even if i deleted him from the new created role it didnt help to repair this. I tried to unpin and pin again this build roles but it's also didnt help. After when i gave him a Global Administrator and then i assigned this roles and unpin Global Administrator it helped, but anyway now he still cant enter to old Exchange Admin Center, he dont see anything administrative there like in new portal.