OBSOLETE - replaced Powershell script to create limited write account in Office 365
Created: 2016-06-03 16:50:58Modified: 2019-01-30 11:55:58
Tags:
As an alternative to using an Office 365 (O365) Administrator account, you may assign minimum access rights to your UnitySync login ID for writing to O365. **
Once created, the two management roles and the service account created in O365 will need to be added to the RBAC using the Exchange Online admin center.
Note: This allows creation of Contacts only (not Groups).
New-ManagementScope -Name “UnitySync Mail Contacts” -RecipientRestrictionFilter {RecipientType -eq “MailContact”}
New-ManagementRole -Parent “Mail Recipients” -Name UnitySyncGALContacts
New-ManagementRole -Parent “Mail Recipient Creation” -Name UnitySyncGALContactsCreate
remove-ManagementRoleEntry UnitySyncGALContacts\Add-MailboxFolderPermission -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Add-MailboxPermission -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Add-RecipientPermission -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Add-UnifiedGroupLinks -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Clear-ActiveSyncDevice -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Clear-MobileDevice -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Disable-InboxRule -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Disable-Mailbox -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Enable-InboxRule -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Enable-Mailbox -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-AcceptedDomain -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-ActiveSyncDevice -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-ActiveSyncDeviceStatistics -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-ActiveSyncMailboxPolicy -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-AddressBookPolicy -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-CASMailbox -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-CASMailboxPlan -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-CalendarProcessing -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-GroupMailbox -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-HotmailSubscription -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-ImapSubscription -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-InboxRule -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-LogonStatistics -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MailUser -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-Mailbox -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MailboxAutoReplyConfiguration -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MailboxCalendarConfiguration -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MailboxCalendarFolder -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MailboxFolderPermission -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MailboxFolderStatistics -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MailboxJunkEmailConfiguration -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MailboxMessageConfiguration -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MailboxOverrideConfiguration -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MailboxPermission -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MailboxPlan -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MailboxPreferredLocation -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MailboxRegionalConfiguration -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MailboxSpellingConfiguration -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MailboxStatistics -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-ManagementRoleAssignment -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MessageCategory -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MessageClassification -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MobileDevice -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MobileDeviceMailboxPolicy -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MobileDeviceStatistics -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-OnlineMeetingConfiguration -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-OrganizationalUnit -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-OwaMailboxPolicy -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-PopSubscription -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-RbacDiagnosticInfo -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-RecipientPermission -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-RecipientStatisticsReport -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-RoleAssignmentPolicy -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-SendAddress -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-ServiceStatus -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-SiteMailbox -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-SiteMailboxProvisioningPolicy -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-Subscription -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-SyncRequest -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-SyncRequestStatistics -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-ToolInformation -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-UMMailboxPlan -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-UnifiedAuditSetting -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-UnifiedGroup -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-User -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-UserPhoto -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Import-ContactList -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Import-RecipientDataProperty -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\New-InboxRule -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\New-Mailbox -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\New-OwaMailboxPolicy -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\New-UnifiedGroup -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\remove-ActiveSyncDevice -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\remove-HybridConfiguration -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\remove-InboxRule -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\remove-MailboxFolderPermission -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\remove-MailboxPermission -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\remove-MobileDevice -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\remove-OwaMailboxPolicy -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\remove-RecipientPermission -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\remove-Subscription -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\remove-UnifiedGroup -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\remove-UnifiedGroupLinks -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\remove-UserPhoto -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Resume-SyncRequest -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-CASMailbox -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-CalendarProcessing -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-Group -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-GroupMailbox -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-HotmailSubscription -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-ImapSubscription -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-InboxRule -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-LinkedUser -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-MailboxAutoReplyConfiguration -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-MailboxCalendarConfiguration -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-MailboxCalendarFolder -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-MailboxJunkEmailConfiguration -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-MailboxMessageConfiguration -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-MailboxPlan -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-MailboxRegionalConfiguration -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-MailboxSpellingConfiguration -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-PopSubscription -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-SyncRequest -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-UnifiedAuditSetting -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-UnifiedGroup -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-UserPhoto -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Start-AuditAssistant -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Suspend-SyncRequest -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Test-InvitationManager -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Test-MAPIConnectivity -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Test-OAuthConnectivity -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Update-HybridConfiguration -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Write-AdminAuditLog -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-Clutter -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-Clutter -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\SetUserPhoto -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-OwaMailboxPolicy -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-MailUser -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-Mailbox -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\remove-SyncRequest -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-MailboxLocation -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Set-User -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContacts\Get-UnifiedGroupLinks -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Disable-JournalArchiving -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Get-ActiveSyncMailboxPolicy -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Get-AddressBookPolicy -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Get-DataEncryptionPolicy -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Get-LinkedUser -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Get-MailUser -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Get-MailboxPlan -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Get-MailboxPreferredLocation -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Get-ManagementRoleAssignment -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Get-MobileDeviceMailboxPolicy -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Get-Notification -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Get-OrganizationalUnit -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Get-RbacDiagnosticInfo -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Get-Recipient -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Get-RoleAssignmentPolicy -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Get-SharingPolicy -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Get-ToolInformation -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Get-UnifiedAuditSetting -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Get-User -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\New-DataEncryptionPolicy -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\New-MailUser -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\New-SchedulingMailbox -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\remove-MailUser -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Set-DataEncryptionPolicy -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Set-MailboxFolderPermission -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Set-Notification -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Set-UnifiedAuditSetting -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Start-AuditAssistant -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Undo-SoftDeletedMailbox -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Write-AdminAuditLog -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\remove-Mailbox -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\New-Mailbox -Confirm:$false
remove-ManagementRoleEntry UnitySyncGALContactsCreate\Get-Mailbox -Confirm:$false