When you have to cope with a Hybrid Exchange environment, you will surely face some challenges. For example: when to use the on-prem PowerShell or when to use O365 PowerShell, when to use the ECP and when to use the Exchange Online admin center.
While trying to grant Full Access permissions to an Office365 user on a on-premises mailbox, I got this error in my lab environment (Exchange 2013 + Exchange Online):
Add-RecipientPermission “email@example.com” -AccessRights FullAccess -Trustee “firstname.lastname@example.org Add-RecipientPermission : Cannot bind parameter ‘AccessRights’. Cannot convert value “FullAccess” to type “Microsoft.Exchange.Data.RecipientAccessRight”. Error: “Unable to match the identifier name FullAccess to a valid enumerator name. Specify one of the following enumerator names and try again: SendAs”
In the Exchange Control Panel, I couldn’t add the permission either. The O365 user simply doesn’t popup when searching for it. In the ECP I could only add on-premises mail users.
Fix Cannot bind parameter ‘AccessRights’.
To grant an O365 user Full Access permissions to an on-premises mailbox, you should use the cmdlet Add-Mailboxpermission. Make sure you’re working in the on-premises Exchange Management Shell (or any powershell with the Exchange addin)
In my case, the following command was sufficient:
Add-MailboxPermission “email@example.com” -AccessRights FullAccess -User “firstname.lastname@example.org”