Marc Pituley
May 02, 2018 (Copper Contributor)
Enabling Cross-premises delegate access
I am trying to enable cross-premises delegate access in my organization (specifically folder-level permissions), but my experience is not matching what I have seen documented, and I was hoping others might have run into this already.
From my understanding, in order to allow a cloud user to add an on-premises user as a delegate, you simply need to set the following on-prem:
Set-OrganizationConfig -ACLableSyncedObjectEnabled $true
And to enable on-prem users to add a cloud user as a delegate you simply need to do this for every user that was migrated prior to setting 'ACLableSyncedObjectEnabled' to $true:
Get-RemoteMailbox | ForEach { Get-AdUser -Identity $_.Guid | Set-ADObject -Replace @{msExchRecipientDisplayType=-1073741818}}
However, what I am finding is that while the second thing is working (on-prem users can add cloud users as delegates), the first is not (cloud users still can't assign delegate permissions to an on-prem user). If you try, the users still appear in the GAL like:
And trying to add them as a delegate results in:
non-local users cannot be given rights on this server.
Is there an undocumented requirement somewhere that I am missing?
We are currently running Exchange 2013 CU19 on-premises.
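An audit-first version of the two on-premises steps described in the post above, as an added example that is not part of the original thread. It assumes the on-premises Exchange Management Shell with the ActiveDirectory module available; the -Apply switch and the CSV file name are hypothetical names chosen for this example.

```powershell
# Added example (not from the thread): report first, change only with -Apply.
# Assumption: run in the on-premises Exchange Management Shell with RSAT AD tools.
param([switch]$Apply)   # hypothetical switch for this example

Import-Module ActiveDirectory

# Value quoted in the post for mailboxes migrated before the org setting was enabled.
$AclableValue = -1073741818

# Step 1: confirm the organization-level setting on-premises.
$orgEnabled = (Get-OrganizationConfig).ACLableSyncedObjectEnabled
Write-Host "ACLableSyncedObjectEnabled (on-prem): $orgEnabled"

# Step 2: list every remote mailbox and its current display type.
$report = foreach ($rm in Get-RemoteMailbox -ResultSize Unlimited) {
    $user = Get-ADUser -Identity $rm.Guid -Properties msExchRecipientDisplayType
    [pscustomobject]@{
        Name              = $rm.Name
        DistinguishedName = $user.DistinguishedName
        Current           = $user.msExchRecipientDisplayType
        NeedsUpdate       = ($user.msExchRecipientDisplayType -ne $AclableValue)
    }
}

$pending = @($report | Where-Object { $_.NeedsUpdate })
Write-Host ("{0} of {1} remote mailboxes do not have the ACLable display type" -f `
    $pending.Count, @($report).Count)
$pending | Format-Table Name, Current -AutoSize

if ($Apply -and $pending.Count -gt 0) {
    # Keep the previous values so the bulk change can be reviewed or reverted.
    $pending | Export-Csv -Path .\msExchRecipientDisplayType-before.csv -NoTypeInformation
    foreach ($p in $pending) {
        Set-ADObject -Identity $p.DistinguishedName `
            -Replace @{ msExchRecipientDisplayType = $AclableValue }
    }
}
```

Run without -Apply it only reports. With -Apply it writes the previous values to the CSV before changing only the objects that differ.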
- ASysOP (Copper Contributor)
Thanks Marc, this does work on Exchange 2010 Hybrid.
You will need to generate a new offline address book and delete the OAB from the Outlook profile before the fix will take effect 🙂
- Marc Pituley (Copper Contributor)
Yeah I have seen that already and have set msExchRecipientDisplayType on all migrated mailboxes, and that works for allowing on-premises users to add a cloud mailbox user as a delegate.
However, my problem is the reverse. A cloud mailbox user is not able to add an on-premises user as a delegate.
It may not be enabled in your tenant yet. You can't enable it yourself in 365.
Set-OrganizationConfig -ACLableSyncedObjectEnabled $true
applies to on-prem only, not Office 365