Forum Discussion
Unable to change mailbox permissions
Hi,
We have inherited a Hybrid Exchange environment. It consists of 1 on-prem Exchange Server (Version 15.0 (Build 1473.3)) and M365. All the mailboxes have been migrated to M365 and ADSync
is present to replicate to M365.
The issue we have is that even as a Global and Exchange admin in M365, we are unable to edit the permissions of any users mailbox. Doing this via the M365 admin centre just returns
a message saying "Something Went Wrong." If we try it in Powershell we get a "User is not allowed to call" message.
We are trying to understand if this is an issue with M365 or we are trying to make the permission change from the wrong location?
In a hybrid environment where all mailboxes have been migrated, from where you should you make permission changes to a mailbox?
Is there something else we are doing wrong here?
Thanks
DB
8 Replies
Microsoft fixed it:
Admin account also needed:
Help desk Admin
Exchange Admin
Recipient Admin
Compliance Admin
Hi dbrenserv2024, I have a similar Issue. Did you manage to resolve it? Could you tell me how?
Hi Flexi,
No, we currently have a case option with MS and waiting on them. What is your issue?
CheersHi dbrenserv2024, I just managed to fix it. It also was a permission issue. The "Organization Management" Role in EXO was missing a lot of permissions. Somehow they got removed.
Thanks for your response!
In a hybrid environment, delegate permission changes should be made using the Exchange Admin Centre in M365. Not sure what the issue may be in your case, but worth logging a ticket with Microsoft to see what's going on. Doing a quick search shows that other people have had this issue and Microsoft was able to fix it on their end.
Thanks for your comments.
There are other people indicating this is an issue that Microsoft need to resolve, but just to clarify, in a hybrid environment where the mailboxes have been migrated to M365, managing delegation and permission to mailboxes should be done in Exchange Admin Centre in M365?
Just checking because some online documentation suggests you have to do it on-prem using powershell which seems a bit strange?Just to clarify, these are the errors we get:
When trying to edit permissions in M365 we either get:
Or if we try in powershell we get:
Get-EXOMailboxPermission : An error occurred while processing this request.. {"error":{"code":"Unauthorized","message":"User is not allowed to call Get-MailboxPermission","innererror":{"message":"User is not allowed to call Get-MailboxPermission","type":"Microsoft.Exchange.Admin.OData.Core.ODataServiceException","stacktrace":""Thanks for the reply. There are other people having the similar issues.
But just to clarify, once a mailbox is migrated from on prem to M365, (even thought the hybrid setup is still in place), the permissions/delegates changes should be able to be made via the Exchange Admin Centre in M365?
I just ask because some resources say you still have to manage the mailbox in M365 from the on prem Exchange Server or the on prem Powershell console?
ThanksFor mailboxes that have been migrated to EXO, all the settings for the mailbox need to be managed on prem (ie SMTP addresses, alias, etc), but delegate permissions are managed in EXO.
