Welcome to our post on the most useful Exchange Online PowerShell Modules you should know! As an Exchange Online administrator, the most common ways to manage your Exchange environment are either through the Admin portals or through PowerShell.
Managing your environment with the admin portals can often be slow and painful, especially when navigating multiple accounts.
Using PowerShell, although may seem daunting at first, can help you streamline your deployments, management or even remedial work. Lets take a look the the most useful Exchange Online PowerShell commands to help you manage your environment.
Connect to Exchange Online
Before you are able to manage Exchange Online with PowerShell you need to have the cmdlets available by installing the Exchange Online Module.
- Open PowerShell as an administrator.
2. Run the following command to install the Exchange Online Management module.
Install-Module -Name ExchangeOnlineManagement
This will install the module for all users on the workstation. If you wish to only install for the current user, use the following command:
Install-Module -Name ExchangeOnlineManagement -Scope CurrentUser
3. Now you are ready to connect to Exchange Online. Run the following command:
Connect-ExchangeOnline
When the Microsoft 365 modern authentication window pops up, sign in with your credentials.
You can either sign in with a global admin account, which will have access to all commands, or if you are using role-based access control (RBAC), see the following link for role assignments and their permissions. https://docs.microsoft.com/en-us/exchange/permissions-exo/permissions-exo
View mailbox settings
Once you are connected to Exchange Online in your PowerShell session, then fun begins! We will now show you some useful commands to view mailbox settings.
- View a summary list of all mailboxes in your organisation:
Get-Mailbox -ResultSize unlimited
- If you want to select specific attributes for each mailbox you can use the ‘select’ parameter:
Get-Mailbox -ResultSize unlimited | select Name, PrimarySmtpAddress
- View information about a specific users mailbox:
Get-Mailbox -Identity *user*
- Again, to select specific attributes for the user mailbox, use the ‘select’ parameter:
Get-Mailbox -Identity *user* | select Name,
PrimarySmtpAddress, EmailAddress
- View permissions on a specific mailbox.
#View all permissions on a specific mailbox
Get-MailboxPermission -Identity [email protected] | FL
#View a specific users permissions on a mailbox
Get-MailboxPermission -Identity [email protected] -User "daniel"
Edit mailbox settings
Now we know how to view mailbox settings (which can also be used to validate changes we make next), let us take a look at how we can modify mailbox settings.
The set-mailbox command is used in this section to make changes to your mailboxes.
- Use the below command to add an additional email alias to a specific mailbox. Below I add the alias ‘[email protected]’ to the account ‘[email protected]’.
#Add email address alias for single user
Set-Mailbox -Identity "[email protected]" -EmailAddresses
@{add="[email protected]"}
- Add an additional domain alias to all users in your tenant. Below I add the domain alias of ‘ourcloudnetwork2.com’ to all users in my tenant.
#Add email address alias for all users
foreach($user in $users){
Set-Mailbox $user.PrimarySmtpAddress -EmailAddresses @{add="$($user.Alias)@ourcloudnetwork2.com"}
}
- Change a users primary SMTP address.
#Change users primary email address
Set-Mailbox -Identity [email protected] -WindowsEmailAddress [email protected] -MicrosoftOnlineServicesID [email protected]
- Change a users UPN (User Principal Name). It is recommended that if you change the users UPN, the Primary SMTP Address should match.
#Change users username
Set-MsolUserPrincipalName -UserPrincipalName "Old UPN" -NewUserPrincipalName "New UPN"
- Set the maximum message send size for a single user or all users.
#for a single user
Set-Mailbox -identity "[email protected]" -MaxSendSize 2MB
#for all users
Get-Mailbox -ResultSize unlimited | Set-Mailbox -MaxSendSize 2MB
- Enable mailbox auditing for a specific user mailbox or all user mailboxes.
#for a single UserMailbox
Set-Mailbox -Identity "[email protected]" -AuditEnabled $true
#for all users
Get-Mailbox -ResultSize Unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" | Select PrimarySmtpAddress | ForEach {Set-Mailbox -Identity $_.PrimarySmtpAddress -AuditEnabled $true}
Generate mailbox reports
When generating reports through PowerShell, it is likely that the results will need to be saved in a tangible format so it can be processed by a 3rd party or manipulated into something more visually meaningful.
So to start, when producing results in PowerShell we can export them results into a CSV file. This CSV file can then be used in whatever means necessary. We simply do this by adding a PIPE after our command and using the export-csv cmdlet like below. In more detailed scripts the export-csv cmdlet will need to be used more strategically.
#Export data to csv
| Export-Csv results.csv
#To export without the first line containing type information.
| Export-Csv results.csv -NoTypeInformation
- List all recipients including the mailbox type, primary email address and any alias addresses.
Get-Mailbox | Select-Object DisplayName,RecipientType, PrimarySmtpAddress, EmailAddresses | Export-Csv results.csv
- List all distribution groups with the display name, primary email address and group owner.
Get-DistributionGroup -ResultSize unlimited | select displayname, primarysmtpaddress, managedby | Export-csv alldistributiongroups.csv
- List all distributions groups and their members.
$Result=@()
$groups = Get-DistributionGroup -ResultSize Unlimited
$totalmbx = $groups.Count
$i = 1
$groups | ForEach-Object {
Write-Progress -activity "Processing $_.DisplayName" -status "$i out of $totalmbx completed"
$group = $_
Get-DistributionGroupMember -Identity $group.Name -ResultSize Unlimited | ForEach-Object {
$member = $_
$Result += New-Object PSObject -property @{
GroupName = $group.DisplayName
Member = $member.Name
EmailAddress = $member.PrimarySMTPAddress
RecipientType= $member.RecipientType
}}
$i++
}
$Result | Export-CSV "All-Distribution-Group-Members.csv" -NoTypeInformation -Encoding UTF8
- List all mailbox permissions for all mailboxes and types.
Get-Mailbox -resultsize unlimited | Get-MailboxPermission | Select Identity, User, Deny, AccessRights, IsInherited | Export-csv mailboxpermissions.csv
Delegate mailbox and folder permissions
Here we will show you how to provide delegate permissions to mailboxes and folders with PowerShell.
- Provide user 1 full access to user 2’s mailbox. Other permissions include: SendAs and SendOnBehalf.
Add-MailboxPermission -Identity "user1" -User "user2" -AccessRights FullAccess -InheritanceType All
- Provide user 1 full access to all mailboxes in the organisation.
Get-Mailbox -ResultSize unlimited -Filter "(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')" | Add-MailboxPermission -User user1 -AccessRights FullAccess -InheritanceType All
- Provide user 1 access to user 2’s calendar with edit permissions. Other permissions include: CreateItems, CreateSubfolders, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderContact, FolderOwner, FolderVisible, ReadItems.
Add-MailboxFolderPermission -Identity [email protected]:\calendar -user [email protected] -AccessRights Editor
- Provide user 1 access to the Finance folder in user 2’s mailbox.
Add-MailboxFolderPermission -Identity [email protected]:\Finance -User [email protected] -AccessRights Owner
- Provide user 1 the SendAs permissions to the [email protected] mailbox. User 1 will be able to send emails as [email protected] but cannot view the mailbox.
Add-RecipientPermission "Marketing" -AccessRights SendAs -Trustee "User 1"
Thank you for taking the time to read what are my most useful Exchange Online PowerShell commands to help you manage and maintain your environment. If you think I should add anything else please comment below!