Quick reference: Which cmdlet does what?
For a shared mailbox:
- Full Access →
Add-MailboxPermission - Send As →
Add-RecipientPermission - (Optional) Send on Behalf →
Set-Mailbox -GrantSendOnBehalfTo
You want a script that:
- Takes one shared mailbox
- Adds:
- A list of users with Full Access
- A list of users with Send As
Here are:
- A simple, direct script for a single mailbox
- A reusable function you can use for multiple mailboxes and run with
-WhatIf
1. Simple Script for One Shared Mailbox
#--------------------------------------------------
# Prerequisites
#--------------------------------------------------
# Requires: ExchangeOnlineManagement module
# Install-Module -Name ExchangeOnlineManagement -Scope CurrentUser
# Connect-ExchangeOnline -UserPrincipalName [email protected]
#--------------------------------------------------
# Configuration
#--------------------------------------------------
# Shared mailbox (alias, primary SMTP, or UPN)
$SharedMailbox = "[email protected]"
# Users who should have Full Access
$FullAccessUsers = @(
"[email protected]",
"[email protected]"
)
# Users who should have Send As
$SendAsUsers = @(
"[email protected]",
"[email protected]"
)
#--------------------------------------------------
# Script Logic
#--------------------------------------------------
foreach ($user in $FullAccessUsers) {
try {
Write-Host "Granting FULL ACCESS on '$SharedMailbox' to '$user'..." -ForegroundColor Cyan
Add-MailboxPermission -Identity $SharedMailbox `
-User $user `
-AccessRights FullAccess `
-InheritanceType All `
-AutoMapping:$true `
-ErrorAction Stop
Write-Host "Full Access granted to '$user' on '$SharedMailbox'." -ForegroundColor Green
}
catch {
Write-Host "Error granting Full Access to '$user' on '$SharedMailbox': $($PSItem.Exception.Message)" -ForegroundColor Red
}
}
foreach ($user in $SendAsUsers) {
try {
Write-Host "Granting SEND AS on '$SharedMailbox' to '$user'..." -ForegroundColor Cyan
Add-RecipientPermission -Identity $SharedMailbox `
-Trustee $user `
-AccessRights SendAs `
-Confirm:$false `
-ErrorAction Stop
Write-Host "Send As granted to '$user' on '$SharedMailbox'." -ForegroundColor Green
}
catch {
Write-Host "Error granting Send As to '$user' on '$SharedMailbox': $($PSItem.Exception.Message)" -ForegroundColor Red
}
}
Code language: PHP (php)Note:
-AutoMapping:$true(Exchange Online) will auto-add the shared mailbox in Outlook for Full Access users.Add-RecipientPermissiondoesn’t have-WhatIf, so be sure your lists are correct before running.
2. Reusable Function: Add Delegates to Shared Mailbox
Here’s a more “production-worthy” version you can drop into your toolbox. It supports:
-WhatIfand-Confirm- Multiple shared mailboxes
- Separate lists of Full Access and Send As users
function Set-SharedMailboxDelegates {
<#
.SYNOPSIS
Adds Full Access and Send As delegates to one or more shared mailboxes.
.DESCRIPTION
For each shared mailbox specified, this function:
- Grants Full Access to the users in -FullAccessUsers
- Grants Send As to the users in -SendAsUsers
It uses Add-MailboxPermission for Full Access and Add-RecipientPermission for Send As.
.PARAMETER SharedMailboxes
One or more shared mailbox identities (alias, UPN, or primary SMTP).
.PARAMETER FullAccessUsers
One or more users who should receive Full Access.
.PARAMETER SendAsUsers
One or more users who should receive Send As permission.
.EXAMPLE
Set-SharedMailboxDelegates -SharedMailboxes "shared1@yourdomain.com" `
-FullAccessUsers "user1@yourdomain.com","user2@yourdomain.com" `
-SendAsUsers "user1@yourdomain.com" -WhatIf
.EXAMPLE
Set-SharedMailboxDelegates -SharedMailboxes "shared1@yourdomain.com","shared2@yourdomain.com" `
-FullAccessUsers "group1@yourdomain.com" `
-SendAsUsers "user3@yourdomain.com"
#>
[CmdletBinding(SupportsShouldProcess)]
param(
[Parameter(Mandatory, ValueFromPipeline)]
[string[]]$SharedMailboxes,
[Parameter(Mandatory)]
[string[]]$FullAccessUsers,
[Parameter(Mandatory)]
[string[]]$SendAsUsers
)
begin {
Write-Verbose "Ensure you are connected to Exchange Online: Connect-ExchangeOnline"
}
process {
foreach ($shared in $SharedMailboxes) {
Write-Host "Processing shared mailbox: $shared" -ForegroundColor Yellow
# --- Full Access Delegates ---
foreach ($user in $FullAccessUsers) {
if ($PSCmdlet.ShouldProcess("$shared", "Grant Full Access to $user")) {
try {
$params = @{
Identity = $shared
User = $user
AccessRights = 'FullAccess'
InheritanceType = 'All'
AutoMapping = $true
ErrorAction = 'Stop'
}
Add-MailboxPermission @params
Write-Host "Full Access granted: $user -> $shared" -ForegroundColor Green
}
catch {
Write-Host "Error granting Full Access ($user -> $shared): $($PSItem.Exception.Message)" -ForegroundColor Red
}
}
}
# --- Send As Delegates ---
foreach ($user in $SendAsUsers) {
if ($PSCmdlet.ShouldProcess("$shared", "Grant Send As to $user")) {
try {
$params = @{
Identity = $shared
Trustee = $user
AccessRights = 'SendAs'
Confirm = $false
ErrorAction = 'Stop'
}
Add-RecipientPermission @params
Write-Host "Send As granted: $user -> $shared" -ForegroundColor Green
}
catch {
Write-Host "Error granting Send As ($user -> $shared): $($PSItem.Exception.Message)" -ForegroundColor Red
}
}
}
}
}
}Code language: HTML, XML (xml)Example usage
# Once per session
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName [email protected]
# Define your mailbox(es) and delegates
$sharedMailboxes = @(
"[email protected]",
"[email protected]"
)
$fullAccessUsers = @(
"[email protected]",
"[email protected]"
)
$sendAsUsers = @(
"[email protected]",
"[email protected]"
)
# Dry-run check
Set-SharedMailboxDelegates -SharedMailboxes $sharedMailboxes `
-FullAccessUsers $fullAccessUsers `
-SendAsUsers $sendAsUsers `
-WhatIf
# Real run
Set-SharedMailboxDelegates -SharedMailboxes $sharedMailboxes `
-FullAccessUsers $fullAccessUsers `
-SendAsUsers $sendAsUsersCode language: PHP (php)Bonus: If you also need “Send on Behalf”
Sometimes shared mailboxes in healthcare workflows need Send on Behalf instead of or in addition to Send As. That uses:
Set-Mailbox -Identity $SharedMailbox -GrantSendOnBehalfTo @{add="[email protected]","[email protected]"}Code language: JavaScript (javascript)