Solved

Mailbox won't map to members of Security Group granted full mailbox permissions

Posted on 2013-05-10
6
1,116 Views
Last Modified: 2013-05-21
Server Info:
Exchange Standard Version 14.2 (Build 247.5)
Windows Server 2008 R2 Enterprise
Active Directory 6.1.7601.17514

Problem:
When I add a security group to a mailbox with Full Mailbox permissions, whether I do it in the Exchange Management Console with the mouse, or in the powershell console, none of the members of that security group see the mailbox in Outlook.
If I add the users the same way, but individually (not as part of a security group), the mailbox will show up and map.


I'm trying to get this to work with security group so it will be less of a mess managing all the users individually.
0
Comment
Question by:garryshape
  • 3
  • 3
6 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
Comment Utility
Automapping only works with a specific user, it doesn't work with a group. That is because the entry to control the mapping is written on the user account.

Therefore if you want to use a group, the users will have to add the mailbox to Outlook manually.

Simon.
0
 

Author Comment

by:garryshape
Comment Utility
Ok great, thank you for the confirmation. I wonder then if there's a way around this, like to Map the mailbox to the user's Outlook with Powershell, but without adding the individual user to the mailbox. Or would it make more sense and be more feasible to have a daily scheduled script that checks for members of the security group, adds them individually to the mailbox. And if the members are not in the security group, then removes them from the mailbox that the security group has permissions to?
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
Comment Utility
Your second option is about the only possible if you want to use the auto mapping function. Auto mapping is applied at the user level, so a script that polls group membership and adds the mapping would work.

However you would probably have to script something to remove all users with permissions and then add them back in again. Otherwise how else is it going to know the user has had the group membership removed?

Simon.
0
Wish Marketing would stop bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

 

Author Comment

by:garryshape
Comment Utility
I'm thinking Security Group is added with full mailbox permissions to a shared mailbox. And whoever we add to, or remove from, the security group, the script will always daily remove individuals from the mailbox that are not members of the SG, and add individuals who are members of the SG.
We maintain the group membership manuall.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
Comment Utility
If you have removed the permission then the script is not going to know that, because it will just parse the membership of the group. The easiest way to script this is as I outlined above - remove the permissions at the start of the script, then parse the membership and add them back in again.

Simon.
0
 

Author Closing Comment

by:garryshape
Comment Utility
Thanks again, this really helps
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now