There was a thread recently on the community forums where some gentleman was asking about this. Leaving the arguments around this “conversion” aside, here’s how you can achieve something like this. This is what this little script does:
-
It will ask you for the mailbox name, and will keep asking you until you provide one. You can also pass this as a parameter when invoking the script. It will do a basic check if said mailbox exists, but that’s all.
-
It will store the information about the mailbox object in a temporary variable, which we will reuse later. This includes all the mailbox attributes and permissions, plus the manager information (which is used in some cases to designate the person responsible for managing the shared mailbox).
-
It will ask you to confirm the deletion of the mailbox. Make sure it’s the correct one!
-
After a short pause, it will create a new Distribution group with the same Alias, Name, DisplayName, PrimarySMTPaddress as the (now deleted) mailbox. Since the manager attribute is mandatory, in step 3 it will make sure you provide some input on that.
-
After creating the DG, it will set some additional properties. Those include the rest of the email addresses (stripping any SIP addresses), the MailTip, the list of people with send on behalf of permissions. It will leave all the other settings with their default values, so if you want to restrict membership or delivery options or configure any other setting, make sure to edit this part of the script.
-
It will add each person that had delegate permissions over the shared mailbox as a member of the new DG. Lastly, it will carry over any Send As permissions.
To use the script, copy/paste the lines below to Notepad and save it as something.ps1 file. Make sure to backup the shared mailbox data! The script will of course ask you to confirm the mailbox deletion, but that’s all it will do. If people need access to any of the items that were stored in said mailbox, either export it to PST file, copy it to another mailbox or simply explain to them what the “conversion” to DG means. And, as with anything you copied on the internet, make sure to TEST before you run. It’s a small script that I did as an exercise, it doesn’t do extensive error checks, it might be missing some important steps, it might be plain wrong. You get the idea. Worst case scenario, you will have to restore the soft-deleted mailbox 🙂
param($Mailbox) #Must be the first statement in your script. while (!$Mailbox) { [string]$mailbox = Read-Host "Enter mailbox name" } $mbname = Get-Mailbox -Identity $Mailbox -ErrorAction SilentlyContinue if (!$mbname) { Write-Error "Mailbox $Mailbox not found" -Category OperationStopped -ErrorAction Stop } $manager = (get-user $mbname.UserPrincipalName).manager while (!$manager) { [string]$manager = Read-Host "Groups need at least one Manager, please enter name" } $delegates = Get-MailboxPermission $mbname.UserPrincipalName | ? {$_.IsInherited -ne $true -and $_.User -ne "NT AUTHORITY\SELF"} $trustees = Get-RecipientPermission $mbname.UserPrincipalName Remove-Mailbox $mbname.UserPrincipalName -Confirm:$true sleep 5 # Create new DG with the same email address and name, and set at least one manager $DG = New-DistributionGroup -Name $mbname.Name -DisplayName $mbname.DisplayName -ManagedBy $manager -PrimarySmtpAddress $mbname.PrimarySMTPAddress -Alias $mbname.Alias # Configure the rest of the settings as needed Set-DistributionGroup $DG.Identity -GrantSendOnBehalfTo $mbname.grantsendonbehalfto -MailTip $mbname.MailTip -EmailAddresses $($mbname.EmailAddresses | ? {$_ -notlike "sip:*"}) # Add each person that had rights on the shared mailbox as member of the DG foreach ($delegate in $delegates) { Add-DistributionGroupMember -Identity $DG.Identity -Member $delegate.user } # Add Send As permissions foreach ($trustee in $trustees) { Add-RecipientPermission -Identity $DG.Identity -Trustee $trustee.Trustee -AccessRights $trustee.AccessRights -Confirm:$false }
I dont have grantsendonbehalfto property in shared mailbox object in e2016 on-premises