I am connecting to Exchange Online PowerShell module using App Registration with certificate authentication. I have given it the following permissions:
Exchange.ManageAsApp
full_access_as_app
MailboxSettings.ReadWrite
I am trying to run a script that will use set-casmailbox however I am getting the below error. Using this connection I am able to run set-mailbox and get-casmailbox without issue. The issue only occurs on set-casmailbox. Am I missing a permission?
Running command:
Set-CASMailbox -Identity saul.goodman@coldist.com -OWAEnabled $false
Throws error:
Source server:DM6PR03MB5146.namprd03.prod.outlook.com doesn't have write permission to target
DC:SN6PR15A01DC004.NAMPR15A001.PROD.OUTLOOK.COM. Usually it indicates that target forest isn't an account partition of
source forest. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03151469, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
+ CategoryInfo : NotSpecified: (:) [Set-CASMailbox], InsufficientPermissionsException
+ FullyQualifiedErrorId : [Server=DM6PR03MB5146,RequestId=b24f9f24-8209-4d04-bb77-fe7e07a8dc32,TimeStamp=7/28/2022 9:01
:20 PM] [FailureCategory=Cmdlet-InsufficientPermissionsException] ED78BADC,Microsoft.Exchange.Management.RecipientTasks
.SetCASMailbox
+ PSComputerName : outlook.office365.com