Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 602
  • Last Modified:

grouping child domain users for full access in exchange 2010 for a shared mailbox

I am trying to figure out the following:
I need to group users in a child domain to have full and send-as rights to a shared mailbox in a exchange 2010 resource environment. We have over 60 shared mailboxes and some have anywhere from 2-25 users that need to access a shared mailbox. right now I have to add the AD child domain user account to the send-as and full rights, plus their exchange AD mailbox account so that they have access to send on behalf of, create folders, archive and delete. Adding the exchange mailbox account will allow the autopopulation of the shared mailbox to their personal exchange mailbox account in Outlook 2007.

I have tried creating a global and universal security group in the child domain, but it wont attach using powershell. Then I create a security group in the exchange 2010 AD to quickly add the users at once to autopopulate.

Any ideas?
0
pyrosdav
Asked:
pyrosdav
  • 2
1 Solution
 
pyrosdavAuthor Commented:
Looks like I just didn't wait long enough for exchange to sync up. The universal group worked so access and permissions work correctly. However, I didn't get the shared mailbox to auto show up on the users outlook profile. Do I need to use a different kind of group like a distribution group vs a ADUC exchange security group added via power shell?
0
 
Neil RussellTechnical Development LeadCommented:
Unfortunately there does not seem to be a solution to this. I have have tried all kinds and nothing cured it.....
So what i did was resort to powershell.

I use a powershell script that runs every 15 minutes that does the following.....

Checks in the domain for the names of all mailboxes of type "SharedMailbox"

For each sharedmailbox, check that there is a valid MailEnabled Universal security group of the name "U Sharedmailbox $Mailboxname"

If there was not, create it

It then checks the list of users who have full control/sendas settings on the mailbox. If they are NOT members of the "U SharedMailbox ....." Group then remove their permissions.

Now do the reverse, check the membership of the group and if they do not have sendas/full controll of the mailbox, add those permissions.

Finally it sends an email of all changes made to our Exchange admin team email account.

What you can do with this, as the control is via a Mailenabled Universal security group, is to add a Manager to the group, that person is the "OWNER" of the shared mailbox. Now from within Outlook, that manager can ADD/REMOVE members from the security group, 15 mins later, all those changes are made in exchange/AD.

Hope that gives you food for thought......
0
 
pyrosdavAuthor Commented:
Thank you for trying. I do appreciate the options. I am not sure I will go this route, but I will keep it in mind.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now