Recently I was working with a customer who migrated from O365 to Exchange 2010. Customer had two forest and they were using Linked Mailbox. They noticed permission for linked mailboxes are getting rest for some users.

While working I understood that all impacted and not impacted users are in the same OU in the account forest. Idly we have to enable admin audit log to find out why and how the permissions are resetting. In the same time it’s a bit difficult to keeps on granting permissions to all linked mailbox in the resource forest. Therefore I created a script targeting all AD objects/users in a specific OU.


Script syntax are as given below for example OU: OU=Office,DC=MsAccount,DC=local


$mbx=get-mailbox -OrganizationalUnit " OU=Office,DC=MsAccount,DC=local" | where{$_.islinked -eq $true}

foreach($a in $mbx)



Add-MailboxPermission -Identity $a -User $a.linkedmasteraccount -AccessRights fullaccess



This script will re-establish the permission for all linked mailbox missing permission and access rights given is FullAccess.


We understand you might have the same issues shared mailboxes either in same OU or another OU.

As shared mailbox hold separate sets of permission we need to keep a snapshot/export all existing permissions

Exported all permission using below cmdlet to a .CSV file for OU: OU=Office,DC=MsAccount,DC=local


Get-MailBox -OrganizationalUnit " OU=Office,DC=MsAccount,DC=local" | Get-MailboxPermission |where {$_.User -match "DomainName\\*"} | select Identity,User | Export-Csv :\Users\Mukutd\Desktop\permissiononsharedmbx.csv -NoTypeInformation

Script syntax for shared mailbox as given below.


$permission=Import-Csv C:\Users\gjackson\Desktop\permissiononsharedmbx.csv

foreach($perm in $permission)


Add-MailboxPermission -Identity $perm.identity  -User $perm.user -AccessRights Fullaccess -Deny:$false



Note: Each time you grant permission to a new user to a shared mailbox we need to keep the permission snapshot so that we must have them handy for any urgency.

Thank you,