Outlook issues with multiple mailboxes in O365

We have recently migrated our Exchange mailboxes to the Office365 hosted solution. For most people this is working fine, but there is one manager who is having performance issues in Outlook (2013, running on Windows 7 pro)

This manager has approx 5 shared mailboxes plus 7 'other users' mailboxes open in her Outlook and is finding that Outlook is very slow to switch between one mailbox and another - it will sometimes show as 'not responding' for 30 seconds or so before displaying the e-mails, or it might show as 'not connected' in the Outlook status bar whilst it tries to load the e-mails.

My question is in 2 parts :-
1. Are there any ways to improve the performance with the current setup - eg having cached mode on or off . I'm not sure what the default option is for caching - it's currently 'on' and her OST file is about 3GB, which is the size of the mailbox.

2. If the problem is caused by too many mailboxes, then we'd be happy to close them all and just allow them to be opened 'on demand'. It seems that, if we add 'Full Access' permissions for the manager to a user's mailbox, the mailbox automatically gets pushed out to the managers outlook. So for the next step, I've removed 'Full Access' permissions  

The manager is a member of the 'Domain Admins' security group, although this group does not show in the O365 console - it only shows on our local AD which is sync'd (one way only) with O365

We've added one of the users' (Sean) mailbox to the manager's Outlook using the Account Settings | More Settings | Advanced 'Add Mailbox' option.

Here is a screen dump of the permissions on one of the users mailboxes. However the manager is NOT able to open Sean's mailbox - it gives the message 'Cannot expand folders'

I then created a new security group in the O365 console (which obviously  will not sync back to the local AD) and put the manager in it, then used this command :-

add-mailboxpermission sean2 -user "accountsaccess" -accessrights fullaccess -inheritancetype all

Now the permissions are changed and the manager CAN see Sean's mailbox

My question here is, why does it not allow her access through 'Domain Admins' - I've got enough security groups in AD to manage all these types of permissions, so don't want to have to create more in O365
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I think you are confusing the local domain admins and the domain admin you're seeing in the powershell (which is on an Office365 server).
When you sync your accounts, domain admins is not synced (as they're totally not on the same level). The domain admin you see in the powershell is REALLY the domain admin for the whole MS server park. Adding a user to your local domain admin user group, and then syncing, would not put the user to the remote domain admin, as you would have the power to control the whole MS server park, which would be an unimaginable security leak.
There's a workaround (but doesn't comply with your parameters to keep it easy), and requires some of work, see here: http://blog.msgeneral.nl/2011/11/use-existing-ad-security-groups-to.html

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Michael986Author Commented:
Thanks Kimputer - yes, I think you're correct. That would explain my confusion.

And the workaround seems OK - I don't mind spending a bit of time getting things setup properly at the outset - should make things easier in the long run

If possible, remove users from the domain admin group now. For your own local domain, it's a grave security risk.  One accidental click on a virus, and the whole domain might get infected, instead of just that computer (or even better, just his local user profile).
Michael986Author Commented:
We don't actually have any normal users in the Domain Admins group - I just used it for testing purposes and to easily highlight my query.

But thanks for the followup - it's good advice.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.