Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

grouping child domain users for full access in exchange 2010 for a shared mailbox

Posted on 2012-03-09
3
Medium Priority
?
598 Views
Last Modified: 2012-03-27
I am trying to figure out the following:
I need to group users in a child domain to have full and send-as rights to a shared mailbox in a exchange 2010 resource environment. We have over 60 shared mailboxes and some have anywhere from 2-25 users that need to access a shared mailbox. right now I have to add the AD child domain user account to the send-as and full rights, plus their exchange AD mailbox account so that they have access to send on behalf of, create folders, archive and delete. Adding the exchange mailbox account will allow the autopopulation of the shared mailbox to their personal exchange mailbox account in Outlook 2007.

I have tried creating a global and universal security group in the child domain, but it wont attach using powershell. Then I create a security group in the exchange 2010 AD to quickly add the users at once to autopopulate.

Any ideas?
0
Comment
Question by:pyrosdav
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 

Author Comment

by:pyrosdav
ID: 37702994
Looks like I just didn't wait long enough for exchange to sync up. The universal group worked so access and permissions work correctly. However, I didn't get the shared mailbox to auto show up on the users outlook profile. Do I need to use a different kind of group like a distribution group vs a ADUC exchange security group added via power shell?
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 1500 total points
ID: 37704451
Unfortunately there does not seem to be a solution to this. I have have tried all kinds and nothing cured it.....
So what i did was resort to powershell.

I use a powershell script that runs every 15 minutes that does the following.....

Checks in the domain for the names of all mailboxes of type "SharedMailbox"

For each sharedmailbox, check that there is a valid MailEnabled Universal security group of the name "U Sharedmailbox $Mailboxname"

If there was not, create it

It then checks the list of users who have full control/sendas settings on the mailbox. If they are NOT members of the "U SharedMailbox ....." Group then remove their permissions.

Now do the reverse, check the membership of the group and if they do not have sendas/full controll of the mailbox, add those permissions.

Finally it sends an email of all changes made to our Exchange admin team email account.

What you can do with this, as the control is via a Mailenabled Universal security group, is to add a Manager to the group, that person is the "OWNER" of the shared mailbox. Now from within Outlook, that manager can ADD/REMOVE members from the security group, 15 mins later, all those changes are made in exchange/AD.

Hope that gives you food for thought......
0
 

Author Comment

by:pyrosdav
ID: 37774967
Thank you for trying. I do appreciate the options. I am not sure I will go this route, but I will keep it in mind.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question