Security Group permissions to shared mailbox Hybrid Exchange Migration

berketjune2012 371 Reputation points
2020-11-22T00:04:22.837+00:00

Hi

We have an Exchange 2010 environment, where shared mailboxes are give permissions via groups in a different forest. These groups can not be mail enabled. When we migrate the shared mailboxes office 365, the group permissions do not migrate.

Any solution to this?

Thanks

Microsoft Exchange Hybrid Management
Microsoft Exchange Hybrid Management
Microsoft Exchange: Microsoft messaging and collaboration software.Hybrid Management: Organizing, handling, directing or controlling hybrid deployments.
1,904 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ashok M 6,506 Reputation points
    2020-11-22T13:06:35.693+00:00

    Hi,

    In order to better understand the situation, could you please provide more information,

    1. Do you have Exchange Hybrid setup with AAD sync
    2. What exactly it means when you say different forest - do you have multiple AD forests & domain
    3. How are the shared mailboxes migrated to Office365

    Exchange 2010 is out of support. Please upgrade to Exchange 2016.

    Cross forest permissions for Exchange hybrid supports Full Access and Send-As. If you move only the Shared mailbox to Office365 in exchange hybrid environment and the user mailbox still stays in On-premise, consider re-assigning the permissions and verify.

    https://learn.microsoft.com/en-us/exchange/permissions#:~:text=Mailbox%20permissions%20supported%20in%20hybrid%20environments&text=For%20example%2C%20a%20Microsoft%20365,an%20on%2Dpremises%20shared%20mailbox.&text=Users%20can%20use%20Open%20another,they%20have%20Full%20Access%20permission.

    If the above suggestion helps, please click on Accept Answer and upvote it.

  2. KyleXu-MSFT 26,211 Reputation points
    2020-11-23T07:31:14.22+00:00

    @berketjune2012

    shared mailboxes are give permissions via groups in a different forest

    I think this is the cause. Cross permission works for Exchange online and Exchange on-premises, because there exist trusted relationship between them. However, there doesn't exist trusted relationship the Exchange online and the another forest.

    You can try to assign permission again manually. I think there may still exist issue with it.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.