Solved

grouping child domain users for full access in exchange 2010 for a shared mailbox

Posted on 2012-03-09
3
589 Views
Last Modified: 2012-03-27
I am trying to figure out the following:
I need to group users in a child domain to have full and send-as rights to a shared mailbox in a exchange 2010 resource environment. We have over 60 shared mailboxes and some have anywhere from 2-25 users that need to access a shared mailbox. right now I have to add the AD child domain user account to the send-as and full rights, plus their exchange AD mailbox account so that they have access to send on behalf of, create folders, archive and delete. Adding the exchange mailbox account will allow the autopopulation of the shared mailbox to their personal exchange mailbox account in Outlook 2007.

I have tried creating a global and universal security group in the child domain, but it wont attach using powershell. Then I create a security group in the exchange 2010 AD to quickly add the users at once to autopopulate.

Any ideas?
0
Comment
Question by:pyrosdav
  • 2
3 Comments
 

Author Comment

by:pyrosdav
ID: 37702994
Looks like I just didn't wait long enough for exchange to sync up. The universal group worked so access and permissions work correctly. However, I didn't get the shared mailbox to auto show up on the users outlook profile. Do I need to use a different kind of group like a distribution group vs a ADUC exchange security group added via power shell?
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 37704451
Unfortunately there does not seem to be a solution to this. I have have tried all kinds and nothing cured it.....
So what i did was resort to powershell.

I use a powershell script that runs every 15 minutes that does the following.....

Checks in the domain for the names of all mailboxes of type "SharedMailbox"

For each sharedmailbox, check that there is a valid MailEnabled Universal security group of the name "U Sharedmailbox $Mailboxname"

If there was not, create it

It then checks the list of users who have full control/sendas settings on the mailbox. If they are NOT members of the "U SharedMailbox ....." Group then remove their permissions.

Now do the reverse, check the membership of the group and if they do not have sendas/full controll of the mailbox, add those permissions.

Finally it sends an email of all changes made to our Exchange admin team email account.

What you can do with this, as the control is via a Mailenabled Universal security group, is to add a Manager to the group, that person is the "OWNER" of the shared mailbox. Now from within Outlook, that manager can ADD/REMOVE members from the security group, 15 mins later, all those changes are made in exchange/AD.

Hope that gives you food for thought......
0
 

Author Comment

by:pyrosdav
ID: 37774967
Thank you for trying. I do appreciate the options. I am not sure I will go this route, but I will keep it in mind.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
When you have clients or friends from around the world, it becomes a challenge to arrange a meeting or effectively manage your time. This is where Outlook's capability to show 2 time zones in one calendar comes in handy.
how to add IIS SMTP to handle application/Scanner relays into office 365.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question