Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Mailbox won't map to members of Security Group granted full mailbox permissions

Posted on 2013-05-10
6
Medium Priority
?
1,218 Views
Last Modified: 2013-05-21
Server Info:
Exchange Standard Version 14.2 (Build 247.5)
Windows Server 2008 R2 Enterprise
Active Directory 6.1.7601.17514

Problem:
When I add a security group to a mailbox with Full Mailbox permissions, whether I do it in the Exchange Management Console with the mouse, or in the powershell console, none of the members of that security group see the mailbox in Outlook.
If I add the users the same way, but individually (not as part of a security group), the mailbox will show up and map.


I'm trying to get this to work with security group so it will be less of a mess managing all the users individually.
0
Comment
Question by:garryshape
  • 3
  • 3
6 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 39156052
Automapping only works with a specific user, it doesn't work with a group. That is because the entry to control the mapping is written on the user account.

Therefore if you want to use a group, the users will have to add the mailbox to Outlook manually.

Simon.
0
 

Author Comment

by:garryshape
ID: 39156095
Ok great, thank you for the confirmation. I wonder then if there's a way around this, like to Map the mailbox to the user's Outlook with Powershell, but without adding the individual user to the mailbox. Or would it make more sense and be more feasible to have a daily scheduled script that checks for members of the security group, adds them individually to the mailbox. And if the members are not in the security group, then removes them from the mailbox that the security group has permissions to?
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 2000 total points
ID: 39156186
Your second option is about the only possible if you want to use the auto mapping function. Auto mapping is applied at the user level, so a script that polls group membership and adds the mapping would work.

However you would probably have to script something to remove all users with permissions and then add them back in again. Otherwise how else is it going to know the user has had the group membership removed?

Simon.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:garryshape
ID: 39156338
I'm thinking Security Group is added with full mailbox permissions to a shared mailbox. And whoever we add to, or remove from, the security group, the script will always daily remove individuals from the mailbox that are not members of the SG, and add individuals who are members of the SG.
We maintain the group membership manuall.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 2000 total points
ID: 39157928
If you have removed the permission then the script is not going to know that, because it will just parse the membership of the group. The easiest way to script this is as I outlined above - remove the permissions at the start of the script, then parse the membership and add them back in again.

Simon.
0
 

Author Closing Comment

by:garryshape
ID: 39184995
Thanks again, this really helps
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses
Course of the Month11 days, 23 hours left to enroll

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question