Solved

grouping child domain users for full access in exchange 2010 for a shared mailbox

Posted on 2012-03-09
3
586 Views
Last Modified: 2012-03-27
I am trying to figure out the following:
I need to group users in a child domain to have full and send-as rights to a shared mailbox in a exchange 2010 resource environment. We have over 60 shared mailboxes and some have anywhere from 2-25 users that need to access a shared mailbox. right now I have to add the AD child domain user account to the send-as and full rights, plus their exchange AD mailbox account so that they have access to send on behalf of, create folders, archive and delete. Adding the exchange mailbox account will allow the autopopulation of the shared mailbox to their personal exchange mailbox account in Outlook 2007.

I have tried creating a global and universal security group in the child domain, but it wont attach using powershell. Then I create a security group in the exchange 2010 AD to quickly add the users at once to autopopulate.

Any ideas?
0
Comment
Question by:pyrosdav
  • 2
3 Comments
 

Author Comment

by:pyrosdav
Comment Utility
Looks like I just didn't wait long enough for exchange to sync up. The universal group worked so access and permissions work correctly. However, I didn't get the shared mailbox to auto show up on the users outlook profile. Do I need to use a different kind of group like a distribution group vs a ADUC exchange security group added via power shell?
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
Comment Utility
Unfortunately there does not seem to be a solution to this. I have have tried all kinds and nothing cured it.....
So what i did was resort to powershell.

I use a powershell script that runs every 15 minutes that does the following.....

Checks in the domain for the names of all mailboxes of type "SharedMailbox"

For each sharedmailbox, check that there is a valid MailEnabled Universal security group of the name "U Sharedmailbox $Mailboxname"

If there was not, create it

It then checks the list of users who have full control/sendas settings on the mailbox. If they are NOT members of the "U SharedMailbox ....." Group then remove their permissions.

Now do the reverse, check the membership of the group and if they do not have sendas/full controll of the mailbox, add those permissions.

Finally it sends an email of all changes made to our Exchange admin team email account.

What you can do with this, as the control is via a Mailenabled Universal security group, is to add a Manager to the group, that person is the "OWNER" of the shared mailbox. Now from within Outlook, that manager can ADD/REMOVE members from the security group, 15 mins later, all those changes are made in exchange/AD.

Hope that gives you food for thought......
0
 

Author Comment

by:pyrosdav
Comment Utility
Thank you for trying. I do appreciate the options. I am not sure I will go this route, but I will keep it in mind.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates‚Ķ

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now