Solved

Mailbox won't map to members of Security Group granted full mailbox permissions

Posted on 2013-05-10
6
1,163 Views
Last Modified: 2013-05-21
Server Info:
Exchange Standard Version 14.2 (Build 247.5)
Windows Server 2008 R2 Enterprise
Active Directory 6.1.7601.17514

Problem:
When I add a security group to a mailbox with Full Mailbox permissions, whether I do it in the Exchange Management Console with the mouse, or in the powershell console, none of the members of that security group see the mailbox in Outlook.
If I add the users the same way, but individually (not as part of a security group), the mailbox will show up and map.


I'm trying to get this to work with security group so it will be less of a mess managing all the users individually.
0
Comment
Question by:garryshape
  • 3
  • 3
6 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39156052
Automapping only works with a specific user, it doesn't work with a group. That is because the entry to control the mapping is written on the user account.

Therefore if you want to use a group, the users will have to add the mailbox to Outlook manually.

Simon.
0
 

Author Comment

by:garryshape
ID: 39156095
Ok great, thank you for the confirmation. I wonder then if there's a way around this, like to Map the mailbox to the user's Outlook with Powershell, but without adding the individual user to the mailbox. Or would it make more sense and be more feasible to have a daily scheduled script that checks for members of the security group, adds them individually to the mailbox. And if the members are not in the security group, then removes them from the mailbox that the security group has permissions to?
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 39156186
Your second option is about the only possible if you want to use the auto mapping function. Auto mapping is applied at the user level, so a script that polls group membership and adds the mapping would work.

However you would probably have to script something to remove all users with permissions and then add them back in again. Otherwise how else is it going to know the user has had the group membership removed?

Simon.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:garryshape
ID: 39156338
I'm thinking Security Group is added with full mailbox permissions to a shared mailbox. And whoever we add to, or remove from, the security group, the script will always daily remove individuals from the mailbox that are not members of the SG, and add individuals who are members of the SG.
We maintain the group membership manuall.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 39157928
If you have removed the permission then the script is not going to know that, because it will just parse the membership of the group. The easiest way to script this is as I outlined above - remove the permissions at the start of the script, then parse the membership and add them back in again.

Simon.
0
 

Author Closing Comment

by:garryshape
ID: 39184995
Thanks again, this really helps
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question