troubleshooting Question

remove the delegate attribute or shared mailbox attribute from a user mailbox

Avatar of Lambton
Lambton asked on
ExchangeOutlookEmail ServersPowershell
8 Comments1 Solution1832 ViewsLast Modified:
We have an Exchange 2010 environment.  We have a Barracuda Message Archiver.

A feature of barracuda archiver is the ability to search shared mailboxes, which is great for legitimate shared mailboxes, however there is a flaw in the design... if USER1 in outlook uses the "Delegate Access" tool to assign permissions to their calendar (leaving 'none' on the inbox) to USER2, the delegate USER2 automatically gets the ability to search everything in this users mailbox archive.  USER1 didn't give USER2 permission to their emails, only to their calendar, and in outlook that's what USER2 can see, but in Barracuda they can search for everything back to the beginning of time.  This is not good.  The fix would be to remove USER2 from USER1's delegate list completely, and then grant USER 2 permission to the calendar folder in outlook (using folder permissions).  I've contacted Barracuda Support and they said there isn't anything they can do at this time and that they'd look into adding it as a feature in the future, but for now the barracuda system simply looks for the LDAP attribute that specifies the mailbox as shared and to who, and for whatever reason outlook tags the user mailbox as a shared mailbox when the delegate access tool is used.

So here's the problem, when you remove the user from the delegate list, it also removes the users permission from the calendar folder (if that's what was previously granted), so you have to document the permissions before removing the user from the list and then manually re-add the appropriate folder permissions.  This is fine for a couple mailboxes, but we have this issue on hundreds, so...

What I'd like to accomplish is a script or powershell command that would simply remove the "shared mailbox" or "delegate" attribute from the user mailbox leaving the folder permissions in place that were set by the delegate access tool.

I hope this makes sense.
Thanks,
Steve
ASKER CERTIFIED SOLUTION
Adam Brown
Cloud Security Consultant
Join our community to see this answer!
Unlock 1 Answer and 8 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 8 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros