Solved

Mailbox won't map to members of Security Group granted full mailbox permissions

Posted on 2013-05-10
6
1,152 Views
Last Modified: 2013-05-21
Server Info:
Exchange Standard Version 14.2 (Build 247.5)
Windows Server 2008 R2 Enterprise
Active Directory 6.1.7601.17514

Problem:
When I add a security group to a mailbox with Full Mailbox permissions, whether I do it in the Exchange Management Console with the mouse, or in the powershell console, none of the members of that security group see the mailbox in Outlook.
If I add the users the same way, but individually (not as part of a security group), the mailbox will show up and map.


I'm trying to get this to work with security group so it will be less of a mess managing all the users individually.
0
Comment
Question by:garryshape
  • 3
  • 3
6 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39156052
Automapping only works with a specific user, it doesn't work with a group. That is because the entry to control the mapping is written on the user account.

Therefore if you want to use a group, the users will have to add the mailbox to Outlook manually.

Simon.
0
 

Author Comment

by:garryshape
ID: 39156095
Ok great, thank you for the confirmation. I wonder then if there's a way around this, like to Map the mailbox to the user's Outlook with Powershell, but without adding the individual user to the mailbox. Or would it make more sense and be more feasible to have a daily scheduled script that checks for members of the security group, adds them individually to the mailbox. And if the members are not in the security group, then removes them from the mailbox that the security group has permissions to?
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 39156186
Your second option is about the only possible if you want to use the auto mapping function. Auto mapping is applied at the user level, so a script that polls group membership and adds the mapping would work.

However you would probably have to script something to remove all users with permissions and then add them back in again. Otherwise how else is it going to know the user has had the group membership removed?

Simon.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:garryshape
ID: 39156338
I'm thinking Security Group is added with full mailbox permissions to a shared mailbox. And whoever we add to, or remove from, the security group, the script will always daily remove individuals from the mailbox that are not members of the SG, and add individuals who are members of the SG.
We maintain the group membership manuall.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 39157928
If you have removed the permission then the script is not going to know that, because it will just parse the membership of the group. The easiest way to script this is as I outlined above - remove the permissions at the start of the script, then parse the membership and add them back in again.

Simon.
0
 

Author Closing Comment

by:garryshape
ID: 39184995
Thanks again, this really helps
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now