
Example:

Get-MailboxPermission -Identity "<user>"

Shows permissions with IsInherited=True. Where would this permission be inherited from in Exchange Online?

In on-premises Exchange I would use Get-MailboxDatabase and/or Get-ADPermission, but these are unavailable in Exchange Online.

There is a permission we want to remove, but can't because it's inherited:

WARNING: An inherited access control entry has been specified: [Rights: ReadControl, ControlType: Allow]  and was ignored on object "CN=<user>,OU=<organization>,OU=Microsoft Exchange Hosted Organizations,DC=<server>,DC=PROD,DC=OUTLOOK,DC=COM".
  • [Permissions are inherited from the mailbox database and/or Active Directory](https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/get-mailboxpermission?view=exchange-ps). – JosefZ May 08 '18 at 12:38
  • Yes that's pretty much what I said. But if an O365 mailbox has these inherited permissions you can't change them? Get-MailboxDatabase / Get-ADPermission cmd is not available in Exchange online ( https://docs.microsoft.com/en-us/powershell/module/exchange/mailbox-databases-and-servers/get-mailboxdatabase?view=exchange-ps ) – Malcolm McCaffery May 08 '18 at 13:04

1 Answer


When you run the Get-MailboxPermission in Exchange Online, it can list all users who have mailbox level permission to the specific mailbox. For example:

[Screenshot of Get-MailboxPermission output]

For the IsInherited=True results, we can check the User column. Some permissions are inherited from some role groups in AD and Exchange organization such as Administrator, Domain Admins, Organization Management, Enterprise Admins and so on.

These permissions are generally configured by default. In Exchange Admin Center, you can click Permissions > Admin Roles to view the role group.

BE77Y
WinniL
  • Ok, in this case the permissions are SIDs which refer to deleted AD accounts ... maybe it is leftover from migration into Exchange Online? – Malcolm McCaffery May 09 '18 at 10:17
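
The check discussed in this thread (inherited entries, and entries whose User is a bare SID), as an added example that is not part of the original posts: it tags each entry returned by Get-MailboxPermission as explicit or inherited and flags trustees that appear as unresolved SIDs. The function name `Get-MailboxAceReport` and the sample objects are constructed for illustration; the property names are those of Get-MailboxPermission output.

```powershell
# Added example: classify mailbox permission entries (ACEs).
# Input objects need the User, AccessRights and IsInherited properties
# that Get-MailboxPermission returns. Get-MailboxAceReport is a hypothetical name.
function Get-MailboxAceReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Ace
    )
    process {
        # A trustee that no longer resolves to an account is shown as a raw SID.
        $isSid = [string]$Ace.User -match '^S-1-\d+(-\d+)+$'

        $finding = if ($isSid -and $Ace.IsInherited) {
            'Unresolved SID, inherited'
        } elseif ($isSid) {
            'Unresolved SID, explicit'
        } elseif ($Ace.IsInherited) {
            'Inherited'
        } else {
            'Explicit'
        }

        [pscustomobject]@{
            User         = [string]$Ace.User
            AccessRights = ($Ace.AccessRights -join ', ')
            IsInherited  = [bool]$Ace.IsInherited
            Finding      = $finding
        }
    }
}

# Constructed sample entries (not real accounts or SIDs) so the block runs offline.
$sample = @(
    [pscustomobject]@{ User = 'NT AUTHORITY\SELF'; AccessRights = @('FullAccess', 'ReadPermission'); IsInherited = $false }
    [pscustomobject]@{ User = 'S-1-5-21-1111111111-2222222222-3333333333-4444'; AccessRights = @('ReadPermission'); IsInherited = $true }
    [pscustomobject]@{ User = 'delegate@contoso.example'; AccessRights = @('FullAccess'); IsInherited = $false }
)

$sample | Get-MailboxAceReport | Sort-Object IsInherited, User | Format-Table -AutoSize

# Against a live tenant (assumes a connected Exchange Online PowerShell session):
# Get-MailboxPermission -Identity "<user>" | Get-MailboxAceReport
```

Entries reported as explicit are the ones set on the mailbox itself; the inherited ones are the kind the WARNING in the question says were ignored.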