Recipients Permissions

Summary: Learn about permissions that are required to manage recipients in Exchange Server 2016.

The permissions required to perform tasks to manage recipients vary depending on the procedure being performed or the cmdlet you want to run.

To find out what permissions you need to perform the procedure or run the cmdlet, do the following:

  1. In the table below, find the feature that is most related to the procedure you want to perform or the cmdlet you want to run.

  2. Next, look at the permissions required for the feature. You must be assigned one of those role groups, an equivalent custom role group, or an equivalent management role. You can also click on a role group to see its management roles. If a feature lists more than one role group, you only need to be assigned one of the role groups to use the feature. For more information about role groups and management roles, see Understanding Role Based Access Control.

  3. Now, run the Get-ManagementRoleAssignment cmdlet to look at the role groups or management roles assigned to you to see if you have the permissions that are necessary to manage the feature.

    Note

    You must be assigned the Role Management management role to run the Get-ManagementRoleAssignment cmdlet. If you don't have permissions to run the Get-ManagementRoleAssignment cmdlet, ask your Exchange administrator to retrieve the role groups or management roles assigned to you.

If you want to delegate the ability to manage a feature to another user, see Delegate role assignments.

Mailbox server permissions

Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-only Organization Management.

Feature Permissions required
Calendar repair, server configuration
Organization Management
Server Management
Delegating Mailbox servers
Organization Management
Email address policies
Organization Management
Server Management
Exchange Search
Organization Management
View-Only Organization Management
Server Management
Exchange Search - diagnostics
Organization Management
View-Only Organization Management
Support Diagnostics role
Note:: The Support Diagnostics role isn't assigned to a role group. For more information, see Add a Role to a User or USG.
Group metrics
Organization Management
Server Management
Import Export
Mailbox Import Export role
Note:: The Mailbox Import Export role isn't assigned to a role group. For more information, see Mailbox Import Export Role.
Mailbox Assistants
Organization Management
Server Management
Mailbox moves
Organization Management
Recipient Management
Mailbox recovery
Organization Management
Mailbox repair request
Organization Management
Server Management
Recipient Management
Mailbox restore request
Organization Management
Mailbox server configuration
Organization Management
Server Management
Manage Exchange Search Indexer service on a Mailbox server
Local Administrator on the Mailbox server
MAPI connectivity
Organization Management
Server Management
OAB virtual directories
Organization Management
Server Management
Remove store mailbox
Organization Management
Server Management

Calendar and sharing permissions

Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-only Organization Management.

Feature Permissions required
Calendar configuration
Organization Management
Recipient Management
Help Desk
Calendar diagnostics
Organization Management
Records Management
Hygiene Management
Compliance Management
Help Desk
Calendar processing
Organization Management
Recipient Management
Help Desk
Notifications
Organization Management
Recipient Management
Organization relationships
Organization Management
Sharing policies
Organization Management

Resource mailbox configuration permissions

Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-only Organization Management.

Feature Permissions required
Booking policies
Organization Management
Recipient Management
Help Desk
Delegation
Organization Management
Recipient Management
Resource mailbox schema configuration
Organization Management

Mailbox database permissions

Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-only Organization Management.

Feature Permissions required
Mailbox databases
Organization Management
Server Management

Recipient provisioning permissions

This table contains the various permissions that are required to manage recipients.

Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-only Organization Management.

Feature Permissions required
Address list, GAL
Organization Management
Antispam
Organization Management
Recipient Management
Apps for Outlook
Organization Management
View-Only Organization Management
Help Desk
Applying sharing policies
Organization Management
Recipient Management
Arbitration
Organization Management
Archive connectivity
Organization Management
View-Only Organization Management
Server Management
Assigning offline address books
Organization Management
Recipient Management
Automatic replies
Organization Management
Recipient Management
Help Desk
Calendar configuration
Organization Management
Recipient Management
Calendar repair
Organization Management
Recipient Management
Contact aggregation settings
Organization Management
Recipient Management
View-Only Organization Management
Convert mailboxes
Organization Management
Recipient Management
Disconnected mailboxes
Organization Management
Recipient Management
Help Desk
Distribution groups
Organization Management
Recipient Management
Dynamic distribution groups
Organization Management
Recipient Management
Email addresses
Organization Management
Recipient Management
UM Management
Inbox rules
Organization Management
Recipient Management
Help Desk
Mail contacts
Organization Management
Recipient Management
Mail tips
Organization Management
Recipient Management
Mail user
Organization Management
Recipient Management
Mailbox folder permissions
Organization Management
Recipient Management
Help Desk
Mailbox folders
Organization Management
Recipient Management
MAPI connectivity
Organization Management
Message configuration
Organization Management
Recipient Management
Help Desk
Message quotas
Organization Management
Recipient Management
Moderation
Organization Management
Recipient Management
Permissions and delegation
Organization Management
Archive mailboxes
Organization Management
Recipient Management
Recipient data properties
Organization Management
Recipient Management
Remote mailboxes
Organization Management
Recipient Management
Retention and legal holds
Organization Management
Recipient Management
Records Management
Send As
Organization Management
Recipient Management
Spelling configuration
Organization Management
Recipient Management
Help Desk
Unified Messaging
Organization Management
UM Management
User mailboxes
Organization Management
Recipient Management
User photos
Organization Management
Recipient Management
Help Desk

Mailbox move and migration permissions

The table contains the permissions that are required to move on-premises mailboxes to different domains or forests and to migrate on-premises mailboxes to and from your cloud-based organization.

Feature Permissions required
Mailbox moves (local or cross-forest)
Organization Management
Recipient Management
Mailbox moves (hybrid deployment)
Organization Management
Recipient Management
Migration (on-boarding and off-boarding from the cloud)
Organization Management
Recipient Management