grouping child domain users for full access in exchange 2010 for a shared mailbox

I am trying to figure out the following:
I need to group users in a child domain to have full and send-as rights to a shared mailbox in a exchange 2010 resource environment. We have over 60 shared mailboxes and some have anywhere from 2-25 users that need to access a shared mailbox. right now I have to add the AD child domain user account to the send-as and full rights, plus their exchange AD mailbox account so that they have access to send on behalf of, create folders, archive and delete. Adding the exchange mailbox account will allow the autopopulation of the shared mailbox to their personal exchange mailbox account in Outlook 2007.

I have tried creating a global and universal security group in the child domain, but it wont attach using powershell. Then I create a security group in the exchange 2010 AD to quickly add the users at once to autopopulate.

Any ideas?
pyrosdavAsked:
Who is Participating?
 
Neil RussellTechnical Development LeadCommented:
Unfortunately there does not seem to be a solution to this. I have have tried all kinds and nothing cured it.....
So what i did was resort to powershell.

I use a powershell script that runs every 15 minutes that does the following.....

Checks in the domain for the names of all mailboxes of type "SharedMailbox"

For each sharedmailbox, check that there is a valid MailEnabled Universal security group of the name "U Sharedmailbox $Mailboxname"

If there was not, create it

It then checks the list of users who have full control/sendas settings on the mailbox. If they are NOT members of the "U SharedMailbox ....." Group then remove their permissions.

Now do the reverse, check the membership of the group and if they do not have sendas/full controll of the mailbox, add those permissions.

Finally it sends an email of all changes made to our Exchange admin team email account.

What you can do with this, as the control is via a Mailenabled Universal security group, is to add a Manager to the group, that person is the "OWNER" of the shared mailbox. Now from within Outlook, that manager can ADD/REMOVE members from the security group, 15 mins later, all those changes are made in exchange/AD.

Hope that gives you food for thought......
0
 
pyrosdavAuthor Commented:
Looks like I just didn't wait long enough for exchange to sync up. The universal group worked so access and permissions work correctly. However, I didn't get the shared mailbox to auto show up on the users outlook profile. Do I need to use a different kind of group like a distribution group vs a ADUC exchange security group added via power shell?
0
 
pyrosdavAuthor Commented:
Thank you for trying. I do appreciate the options. I am not sure I will go this route, but I will keep it in mind.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.