{"id":832,"date":"2018-05-02T01:00:00","date_gmt":"2018-05-02T01:00:00","guid":{"rendered":"http:\/\/inswwdev.azurewebsites.net\/au\/insights\/uncategorized\/hybrid-cross-premises-delegation\/"},"modified":"2018-05-02T01:00:00","modified_gmt":"2018-05-02T01:00:00","slug":"hybrid-cross-premises-delegation","status":"publish","type":"post","link":"https:\/\/www.insentragroup.com\/gb\/insights\/geek-speak\/modern-workplace\/hybrid-cross-premises-delegation\/","title":{"rendered":"Hybrid: Cross-Premises Delegation"},"content":{"rendered":"<p style=\"text-align: justify;\"><strong>Big News!<\/strong><\/p>\n<p style=\"text-align: justify;\">Microsoft is updating Azure Active Directory Connect (AAD Connect) to support cross-premises mailbox delegation.<\/p>\n<p style=\"text-align: justify;\"><strong>What does this mean?<\/strong><\/p>\n<p style=\"text-align: justify;\">Typically, IT Administrators would have to batch their users together based on their delegate permissions. For example, an executive assistant who requires \u201cSend on Behalf\u201d permissions of their director will need to be migrated at the same time.<\/p>\n<p style=\"text-align: justify;\">Organisations can now migrate a mailbox to Office 365 without the worry of batching them together and breaking delegate permissions such as Full Access, Send on Behalf and folder rights.<\/p>\n<p style=\"text-align: justify;\">The required Exchange versions are listed below and whether you are required to make additional configurations.<\/p>\n<ul>\n<li><strong>Exchange 2016:<\/strong><span>\u00a0<\/span>Enabled by default, no additional configuration required<\/li>\n<li><strong>Exchange 2013 CU10 or later:<\/strong><span>\u00a0<\/span>Not enabled by default, additional configuration required<\/li>\n<li><strong>Exchange 2010 Service Pack 3 RU:<\/strong><span>\u00a0<\/span>Manual configuration required<\/li>\n<\/ul>\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>Configuration<\/span><\/h3>\n<p style=\"text-align: justify;\"><strong>EXCHANGE 2013:<\/strong><\/p>\n<p style=\"text-align: justify;\">First you will need to enable ACLable object synchronisation at the organization level, to do so:<\/p>\n<ol>\n<li>Have Active Directory Connect (AAD Connect) version 1.1.553.0 or later. You can download the latest version from<span>\u00a0<\/span><a rel=\"noopener nofollow\" href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=47594\" target=\"_blank\">here<\/a>.<\/li>\n<li>Run the following command.<\/li>\n<\/ol>\n<p style=\"text-align: justify;\"><em>Set-OrganizationConfig -ACLableSyncedObjectEnabled $True<\/em><\/p>\n<p style=\"text-align: justify;\">Once this has been completed any mailboxes moved to Office 365 will retain its support for delegate permissions.<\/p>\n<p style=\"text-align: justify;\">If you\u2019ve already moved mailboxes to Office 365 before making this change, you\u2019ll need to manually enable ACLs on those mailboxes using the steps in the<span>\u00a0<\/span><u>Exchange 2010 section<\/u>.<\/p>\n<p style=\"text-align: justify;\"><strong>EXCHANGE 2010:<\/strong><\/p>\n<p style=\"text-align: justify;\">You will need to follow the steps below on any mailbox that you\u2019ve previously moved to Office 365, and any mailbox being moved from Exchange 2010.<\/p>\n<p style=\"text-align: justify;\"><strong>To enable ACLs on a single mailbox, run the following command.<\/strong><\/p>\n<p style=\"text-align: justify;\"><em>Get-AdUser &lt;Identity&gt; | Set-AdObject -Replace @{msExchRecipientDisplayType=-1073741818}<\/em><\/p>\n<p style=\"text-align: justify;\"><strong>To enable ACLs on all mailboxes moved to Office 365, run the following command.<\/strong><\/p>\n<p>\u00a0<\/p>\n<p style=\"text-align: justify;\"><em>Get-RemoteMailbox | ForEach {Get-AdUser -Identity $_.Guid | Set-ADObject -Replace @{msExchRecipientDisplayType=-1073741818}}<\/em><\/p>\n<p style=\"text-align: justify;\"><strong>To verify that the mailboxes have been successfully update, run the following command.<\/strong><\/p>\n<p style=\"text-align: justify;\"><em>Get-RemoteMailbox | ForEach { Get-AdUser -Identity $_.Guid -Properties msExchRecipientDisplayType | Format-Table -AutoSize DistinguishedName, msExchRecipientDisplayType}<\/em><\/p>\n<p style=\"text-align: justify;\">For more information around delegate permissions in a hybrid environment, please read the \u201c<a rel=\"noopener nofollow\" href=\"https:\/\/support.microsoft.com\/en-us\/help\/3064053\/overview-of-delegation-in-an-office-365-hybrid-environment\" target=\"_blank\">Overview of delegation in an Office 365 hybrid environment<\/a>\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Big News! Microsoft is updating Azure Active Directory Connect (AAD Connect) to support cross-premises mailbox delegation. What does this mean? Typically, IT Administrators would have to batch their users together based on their delegate permissions. For example, an executive assistant who requires \u201cSend on Behalf\u201d permissions of their director will need to be migrated at&hellip; <a class=\"more-link\" href=\"https:\/\/www.insentragroup.com\/gb\/insights\/geek-speak\/modern-workplace\/hybrid-cross-premises-delegation\/\">Continue reading <span class=\"screen-reader-text\">Hybrid: Cross-Premises Delegation<\/span><\/a><\/p>\n","protected":false},"author":65,"featured_media":833,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[19],"tags":[],"class_list":["post-832","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-modern-workplace","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/832","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/comments?post=832"}],"version-history":[{"count":0,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/832\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/media\/833"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/media?parent=832"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/categories?post=832"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/tags?post=832"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}