Solved

Mailbox won't map to members of Security Group granted full mailbox permissions

Posted on 2013-05-10
6
1,186 Views
Last Modified: 2013-05-21
Server Info:
Exchange Standard Version 14.2 (Build 247.5)
Windows Server 2008 R2 Enterprise
Active Directory 6.1.7601.17514

Problem:
When I add a security group to a mailbox with Full Mailbox permissions, whether I do it in the Exchange Management Console with the mouse, or in the powershell console, none of the members of that security group see the mailbox in Outlook.
If I add the users the same way, but individually (not as part of a security group), the mailbox will show up and map.


I'm trying to get this to work with security group so it will be less of a mess managing all the users individually.
0
Comment
Question by:garryshape
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39156052
Automapping only works with a specific user, it doesn't work with a group. That is because the entry to control the mapping is written on the user account.

Therefore if you want to use a group, the users will have to add the mailbox to Outlook manually.

Simon.
0
 

Author Comment

by:garryshape
ID: 39156095
Ok great, thank you for the confirmation. I wonder then if there's a way around this, like to Map the mailbox to the user's Outlook with Powershell, but without adding the individual user to the mailbox. Or would it make more sense and be more feasible to have a daily scheduled script that checks for members of the security group, adds them individually to the mailbox. And if the members are not in the security group, then removes them from the mailbox that the security group has permissions to?
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 39156186
Your second option is about the only possible if you want to use the auto mapping function. Auto mapping is applied at the user level, so a script that polls group membership and adds the mapping would work.

However you would probably have to script something to remove all users with permissions and then add them back in again. Otherwise how else is it going to know the user has had the group membership removed?

Simon.
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 

Author Comment

by:garryshape
ID: 39156338
I'm thinking Security Group is added with full mailbox permissions to a shared mailbox. And whoever we add to, or remove from, the security group, the script will always daily remove individuals from the mailbox that are not members of the SG, and add individuals who are members of the SG.
We maintain the group membership manuall.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 39157928
If you have removed the permission then the script is not going to know that, because it will just parse the membership of the group. The easiest way to script this is as I outlined above - remove the permissions at the start of the script, then parse the membership and add them back in again.

Simon.
0
 

Author Closing Comment

by:garryshape
ID: 39184995
Thanks again, this really helps
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question