May 02 2018 10:21 AM
I am trying to enable cross-premises delegate access in my organization (specifically folder level permission), but my experience is not matching what I have seen documented and was hoping others might have run into this already.
From my understanding, in order to allow a cloud user to add an on-premises user as a delegate, you simply need to set the following on-prem:
Set-OrganizationConfig -ACLableSyncedObjectEnabled $true
And to enable on-prem users to add a cloud user as a delegate you simply need to do this for every user that was migrated prior to setting 'ACLableSyncedObjectEnabled' to $true:
Get-RemoteMailbox | ForEach { Get-AdUser -Identity $_.Guid | Set-ADObject -Replace @{msExchRecipientDisplayType=-1073741818}}
However, what I am finding is that while the second thing is working (on-prem users can add cloud users as delegates), the first is not (cloud users still can't assign delegate permissions to an on-prem user). If you try, the users still appear in the GAL like:
And trying to add them as a delegate results in:
Is there an undocumented requirement somewhere that I am missing?
We are currently running Exchange 2013 CU19 on-premises.
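A read-only audit and dry run of the bulk attribute change described in the post above, as an added example that is not part of the original thread. It assumes the on-premises Exchange Management Shell with the ActiveDirectory module available; the CSV file name is a placeholder chosen here.

```powershell
# Added example (not from the thread). Run on-premises in the Exchange Management Shell.
Import-Module ActiveDirectory

# Target value quoted in the post above.
$AclableType = -1073741818

# Show the on-premises organization setting the post enables.
$orgSetting = (Get-OrganizationConfig).ACLableSyncedObjectEnabled
Write-Host "ACLableSyncedObjectEnabled (on-prem): $orgSetting"

# Read-only pass: record the current attribute value for every remote mailbox.
$report = Get-RemoteMailbox -ResultSize Unlimited | ForEach-Object {
    $adUser = Get-ADUser -Identity $_.Guid -Properties msExchRecipientDisplayType
    [pscustomobject]@{
        Name        = $_.Name
        Guid        = $_.Guid
        CurrentType = $adUser.msExchRecipientDisplayType
        NeedsUpdate = ($adUser.msExchRecipientDisplayType -ne $AclableType)
    }
}

# Summarize which values are in use before anything is changed.
$report | Group-Object CurrentType | Select-Object Name, Count | Format-Table -AutoSize

# Keep a record of the objects that would be touched (placeholder file name),
# including their current values, so the change can be reverted.
$pending = @($report | Where-Object { $_.NeedsUpdate })
$pending | Export-Csv -Path .\msExchRecipientDisplayType-before.csv -NoTypeInformation
Write-Host "$($pending.Count) remote mailbox(es) would be updated."

# Dry run: -WhatIf prints each intended write without modifying Active Directory.
$pending | ForEach-Object {
    Get-ADUser -Identity $_.Guid |
        Set-ADObject -Replace @{ msExchRecipientDisplayType = $AclableType } -WhatIf
}
```

Remove `-WhatIf` only after reviewing the exported list; the CSV holds the previous value for each object.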
May 03 2018 08:33 AM
Yeah I have seen that already and have set msExchRecipientDisplayType on all migrated mailboxes, and that works for allowing on-premises users to add a cloud mailbox user as a delegate.
However, my problem is the reverse. A cloud mailbox user is not able to add an on-premises user as a delegate.
May 04 2018 08:08 AM
It may not be enabled in your tenant yet. You can't enable it yourself in 365.
Set-OrganizationConfig -ACLableSyncedObjectEnabled $true
applies to on-prem only, not Office 365
May 04 2018 01:40 PM
Is the way to check if your tenant has been enabled to run Get-OrganizationConfig from Exchange Online PowerShell and look for the value of ACLableSyncedObjectEnabled? It was set to false for my organization when I last checked.
My organization has the same problem as Marc's (on-prem users can add cloud users as delegates; cloud users still can't assign delegate permissions to an on-prem user).
Is there an updated timeline for the rollout? I believe that I read that it should have been completed by April.
May 05 2018 04:24 AM
If the on-prem mailboxes no longer have that red slash over them when adding as delegates, then you know your tenant is enabled. :) I know that sounds snide, but it's not meant to be; it's really the only true indicator. If that isn't true for you, you could always open a case with 365 and ask them to check on it / enable it.
May 07 2018 09:47 AM
I took your advice and opened an O365 service request. I was informed by Microsoft support that there is not an update being rolled out that will fix this particular problem with assigning delegate permissions from Outlook.
May 22 2018 09:53 AM - edited May 22 2018 09:53 AM
Did MS support provide any sort of resolution or explanation for the problem? I've had a case open with them for a while and while the issue has been escalated, they still haven't been able to provide me with anything.
May 22 2018 10:22 AM
No satisfactory resolution for my support request. I have moved on to trying to work around this problem for migrating delegates and Managers. We are going to have to try and move them all together in batches of interconnected accounts.
Unfortunately this is all I received for an explanation when they archived my case. I haven't added anything on the feedback page yet:
Issue:
assign on-prem delegates from o365 mailbox.
Resolution:
Outlook delegate permission won't work in cross-premises in Office 365.
Would request you to update feedback or suggestions regarding the Product or the services, you can certainly provide your Feedback and Suggestions by clicking on the link below as many features of the current program were designed and upgraded based on customer feedback. We strive to capture any product issues or feedback so as to ensure that we are continuously developing Microsoft products to meet customer needs.
Feedback Link : https://office365.uservoice.com/
May 22 2018 11:04 AM
Oct 04 2019 08:36 AM
Thanks Marc, this does work on Exchange 2010 Hybrid.
You will need to generate a new offline address book and delete the OAB from the outlook profile before the fix will take effect :)