question

BillTkach-2852 avatar image
0 Votes"
BillTkach-2852 asked YukiSun-MSFT commented

Cannot move "private" items in shared mailbox issue

I found this link to a similar problem.

It's from 2012.

So now, it's 2020, I am using Outlook 365, with an on-premise server, and I still seem to have this issue.

We have a shared mailbox, lets call it HR.
This mailbox is shared between several people. Lets say one is Joe.
Joe logs into his Outlook account. He was setup with Full Access and Send Access in ECP, so technically should be able to do everything in the HR shared mailbox. He wants to move some files around within the HR mailbox. Not out of it to his mailbox, or somewhere else, but just WITHIN it.

However, he finds that for any folder that contains a folder within it, it gives an error message if he tries to move it. Or delete it.
The only solution that I have found is to manually recreate the new folder in the new location. You then have to copy the folders that reside in the original folder location to the new location, and copy any emails over. Sloppy and error prone.

Now I've seen some solutions that say you need to give people Delegate Access, by logging in as the Shared folder, and then right clicking the inbox, and setting Joe as a delegate, but this is Shared folder on Exchange. It doesn't have an account that lets you log on. And Joe already has Full/Send Access on the HR mailbox.

What is the solution here? I see this one, but I don't know how I would grant them rights to "Private items"


office-exchange-server-administrationoffice-outlook-itprooffice-exchange-server-itpro
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

YukiSun-MSFT avatar image
0 Votes"
YukiSun-MSFT answered BillTkach-2852 edited

Hi @BillTkach-2852

he finds that for any folder that contains a folder within it, it gives an error message if he tries to move it. Or delete it.

Is the error message the same with what was cited in the thread you shared? That is: "cannot move the items. Cannot copy this folder because it may contain private items" ?
What's the version of your Exchange server?

As per your concern about the possible solution that grant the rights to "Private items", please follow the steps below to set up the shared mailbox as a separate account so that you would be able the assign the "Private items" permission:
1. Let's say you are granted with the Full Access permission to the shared mailbox "HR". Please create a new Outlook profile from ether Control Panel or within Outlook(File > Account Settings > Manage Profiles, click Show Profiles, choose "Prompt for a profile to be used", click Add), specify a name for the profile, such as "HR", click OK:
29727-1.png
2. In the Add account dialogue box, enter the name and the email address of the shared mailbox only, don't fill out the other fields:
29812-2.png
3. Click Next to proceed the configuration, click Finish.
4. Restart Outlook using the new created profile, it will prompt you for your user credentials. You can now choose "More choices" > Use a different account, and then fill out your own username and password:
29728-3.png
29793-4.png
5. Now you would be able to go to File > Account Settings > Delegate Access, and give the user delegate rights with the permission to see the private items:
29832-5.png


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.




1.png (14.6 KiB)
2.png (14.2 KiB)
3.png (15.0 KiB)
4.png (9.7 KiB)
5.png (40.7 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.



Hi, thanks for the answer.
I tried to use your solution (your explanation is very clear, thanks for that).

However, when I get to the point where I select another account, and I select Joe's account to logon, it prompts for his password, which I type in, but then it prompts again and again.
It does not accept the password.

Joe has Full Access and Send Access for the HR account.

This is an Exchange Server 2016CU13

I'm using Outlook 365.

Yes, that's the correct error message.

Thanks,

0 Votes 0 ·

Well I tried a few more times, and then I was able to logon for some reason.

However, when I then go into Outlook, using the newly created Profile, and I try to change the Delegates setting, it says:

Cannot activate send-on-behalf-of list. You do not have sufficient permission to perform this operation on this object.

Which then directs me to this page for a solution:

Why has Microsoft made this so sloppy? Why do I need to start editing registry keys for this to work? Why would they created the ability to easily create shared folders, but, if you want to move items around in them, its a PITA? And why would they not have fixed it by now? I don't expect you to have the answer, this is just a general complaint to MS, if they're listening.


0 Votes 0 ·
BillTkach-2852 avatar image
0 Votes"
BillTkach-2852 answered YukiSun-MSFT commented

So this sent me down a rabbit hole.
I followed the suggestions above, and I was unable to get it working.

I then realized that when using the ECP, there is an option to give a user mailbox "Send On Behalf" permission, but this option does not show up for Shared Mailboxes.

However, in the Exchange Management Shell, the command exists.

 Set-mailbox 'HR' -Grantsendonbehalfto @{add="Joe@ourdomain.ca"}

Apparently you need to have this Send-on-Behalf permission... to move folders around in a Shared folder to which you have access. Makes total sense. Anyway.

Once I granted Joe that, Joe was then able to follow the instructions YukiSun-MSFT provided above. Even though you have Send-on-behalf, you still have to change the setting to enable the user to be able to be an Editor and move files around, and grant the "Delegate can see my private items."



And now it works!

If you want to see who has Send-on-Behalf on a mailbox

 Get-Mailbox 'MySharedMailbox' | ft Name,grantsendonbehalfto -wrap


Thanks for the help!






· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @BillTkach-2852, Great to see that you have finally got it sorted out. Happy to have helped and thanks a lot for your sharing : )

0 Votes 0 ·