Migrate Mailbox Permissions to Office 365

Mailbox permission are typically translated to O365 during properly batched hybrid MRS moves, however there are still many scenarios where permissions must be audited on-premises and re-applied after migration. One example may be when using 3rd party migration tools.

2/10/2017 - Script has been updated to include new features based on feedback.
Download package and documentation is available from Microsoft Script Center.

Export-MailboxPermissions.ps1 should be run from on-premises Exchange Management Shell (EMS) and will collect mailbox access, send as, send on behalf, and folder delegate permissions into separate CSV datasets. Retrieval of each permission type can be toggled "$true" or "$false" in the script depending on requirements.  Note that retrieving folder delegates can add considerable time to script processing.  Therefore, evaluating only common folders (Inbox, Calendar) is toggled "$true" by default.  Specifying a list of users (rather than running against the entire Org) can also be toggled "$true" or "$false", however PrimarySmtpAddress column must be present in the file. Since mailbox permissions in O365 can only be assigned using mail-enabled objects, script won’t export delegates which are not mail-enabled on-premises (e.g. security groups) and will write warnings to an error log file for review.  If groups are used to assign permissions, the option to expand memberships and apply explicit user access can also be toggled "$true".

Import-MailboxPermissions.ps1 should be run from O365 remote PowerShell after mailboxes have been provisioned/migrated and will re-apply permissions according to collected on-premises datasets. Import of each export file can be toggled "$true" or "$false" in the script and re-applied separately if needed.


Comments (5)
  1. turbomcp says:


  2. kimberly says:

    Hello. I receive the following error when running the script. Can you please assist?

    Cannot bind argument to parameter ‘User’ because it is null.
    + CategoryInfo : InvalidData: (:) [Add-MailboxPermission], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Add-MailboxPermission

  3. Hi, excellent script but it doesnt work when you run in EMS 2007. As many of the commandlets are not supported. Any suggestions?


  4. Patrina Jax says:

    We use Exchange Mail Server 2007. Script didn’t work in 2007. But worked great in later version

    Patrina Jax,

  5. Alice.walker says:

    Great, thanks for sharing this article, it describes how to migrate mailbox permission to office 365 through power-shell, I tested the third party migration tool from
    http://www.lepide.com/exchangemigrator/ which assists to migrate mailbox permission, outlook rules profile, public folder permission to office 365 and perform migration between to any exchange server and
    allows Intra-forest exchange migration.

Comments are closed.

Skip to main content