Garry Shape asked:

Set Mailbox privileges for managers and their employees

There was a PowerShell script I came across a while ago but I cannot relocate it. It basically enabled privileges for certain AD groups to be able to add members' mailboxes who belonged to other AD groups into their Outlook if they wished (through account settings).

However, my question here is: is there a way to set it up so that the managers can access all of their "Direct Reports" (referring to Active Directory structure where you set a Manager and then in that manager's properties, they have "Direct Reports")?
apache09

In AD, basically what you do is simply add that manager to each direct report's mailbox.

However, an easier way might be to just add the manager as a delegate to all their direct reports' Outlook profiles, giving them Review, Author, or Editor rights.

Of course, it depends on the organization. Some organizations see Exchange and users' mailboxes as company property, and being company property, everyone has at least Review access on each other's mailboxes and calendars.

Of course, other than users like the CEO or HR.


ASKER CERTIFIED SOLUTION
GusGallows

This solution is only available to members.
One correction (of course), the if statement should read:
if ($directReports -ne $Null)

I left off the s in $directReports.
Garry Shape (ASKER)

Hey, thanks for your reply, will try this in my comp very soon.
Do you know if there's a way to set it so that the Direct Reports are put into a group which then the group could be accessed by the manager?
I think if they're set up like this, which is a great script, then the mailboxes will automatically open each time the manager launches Outlook.

If the Direct Reports are in a group, and then the manager has full mailbox access to that "group", then all the mailboxes within that group do not automatically open when Outlook is launched. Instead, we have an add-on that allows people to "Open Mailbox" and then they can type the name of a person who's in a group that they have full access to, and open the mailbox on demand.
The script doesn't cause the mailboxes to open. All it does is give the managers the rights needed to open the mailboxes. Outlook only opens, by default, the mailbox associated with the Outlook profile and any mailboxes added to the additional mailboxes tab in Outlook settings. The script just sets the permissions so the manager can open the other mailboxes manually (or with your add-on).

As for groups, there is no way to do that since what you need is to apply rights on the direct reports' mailboxes, not on their AD accounts.
Hmm, well, I'm not sure, it may be something with our AutoDiscover that automatically opens it, because I issued the command "Add-MailboxPermission UserA -User UserB -AccessRights:FullAccess" where UserA is someone else's mailbox and UserB is myself, I closed and re-opened Outlook, and UserA is in my mailbox.

Or is it just doing that because I'm running that single command and not the script in its entirety? Sorry if I'm misunderstanding.
No, the Add-MailboxPermission has nothing to do with Outlook. The only thing I can think that you are doing is maybe you have a profile set up with the other user's mailbox and it is letting you open it. Make sure your Outlook profile doesn't have his mailbox defined in it. If the profile is set up to use his mailbox, assigning the right will allow it. But if it is set up to use your profile, it will not automatically open his. All the Add-MailboxPermission cmdlet does is grant you the rights to open the other mailbox.
Thanks for your help. I think with your script and the incorporation of that auto-share disabling we are looking at a suitable solution.
I have never seen this before. I run Exchange 2007 and Outlook 2010 fully patched. Weird. Why would they ever implement something like that? At any rate, good find. That should work for you. If you want me to re-write the script to include the script from the link I can do that for you.
Ah man I closed too soon.

Think you could integrate the script?
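
Added example, not part of the thread and not the members-only script referred to above: one way to grant a manager FullAccess on each direct report's mailbox while keeping those mailboxes from opening automatically in the manager's Outlook, with a record of every change. It assumes the ActiveDirectory module and an Exchange version whose Add-MailboxPermission accepts -AutoMapping (Exchange 2010 SP2 or later); the parameter name ManagerSam is hypothetical.

```powershell
# Added example: run from the Exchange Management Shell. Use -WhatIf first to preview.
# Assumptions: ActiveDirectory module is installed; -AutoMapping needs Exchange 2010 SP2+.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)][string]$ManagerSam   # hypothetical parameter name
)

Import-Module ActiveDirectory

$manager       = Get-ADUser -Identity $ManagerSam -Properties directReports
$directReports = @($manager.directReports)   # distinguished names of the reports

if ($directReports.Count -eq 0) {
    Write-Warning "$ManagerSam has no direct reports in AD; nothing to grant."
    return
}

foreach ($dn in $directReports) {
    # Not every direct report has a mailbox (contacts, mail-disabled accounts).
    $mbx = Get-Mailbox -Identity $dn -ErrorAction SilentlyContinue
    if (-not $mbx) { Write-Warning "Skipping $dn (no mailbox)"; continue }

    # Idempotent: skip if the manager already holds an explicit FullAccess allow entry.
    $existing = Get-MailboxPermission -Identity $mbx.Identity -User $manager.DistinguishedName |
        Where-Object { $_.AccessRights -match 'FullAccess' -and -not $_.IsInherited -and -not $_.Deny }

    $action = 'AlreadyGranted'
    if (-not $existing) {
        $action = 'NotApplied'   # stays this way under -WhatIf or a declined -Confirm
        if ($PSCmdlet.ShouldProcess("$($mbx.Identity)", "Grant FullAccess to $ManagerSam")) {
            # -AutoMapping $false: rights only, the mailbox is opened on demand.
            Add-MailboxPermission -Identity $mbx.Identity -User $manager.DistinguishedName `
                -AccessRights FullAccess -InheritanceType All -AutoMapping $false | Out-Null
            $action = 'Granted'
        }
    }

    # One record per mailbox so the grant can be logged and reviewed later.
    New-Object PSObject -Property @{
        Manager = $manager.SamAccountName
        Mailbox = $mbx.PrimarySmtpAddress
        Action  = $action
        When    = (Get-Date).ToString('s')
    }
}
```

Piping the output to Export-Csv gives a dated list of who was granted access to which mailbox, which is what a later access review needs when reporting lines change.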