Friday, April 12, 2013

Exchange Shared Mailboxes



With Exchange 2007 and 2010 we have a new kind of mailbox: the shared mailbox. A shared mailbox is connected to a disabled AD account. Since the account is disabled, you don’t need to set a password and you can’t use it to log in to a workstation! So, shared mailboxes act as a security measure. You no longer need extra username/password combinations for accessing your network, and you can assign permissions specifically to the users who require access.

However, you can’t create these accounts with the Exchange Management Console (EMC)... So, let’s fire up the shell!

Creating a Shared Mailbox

The process to create a shared mailbox is exactly the same as for a regular mailbox, except for the -Shared option on the New-Mailbox command. For example, let’s create a shared mailbox where all the Mountain e-mails will go:

New-Mailbox -Name Mountain -Alias Mountain -OrganizationalUnit "exchange.com/Users" -Database "Mailbox Database" -UserPrincipalName Mountain@exchange.com -Shared

This way, a disabled AD account will be created in the Organizational Unit Users with an attached mailbox. Since the account is disabled by default, no password is required.

Permissions

Since we don’t want to associate a password with a shared mailbox, we have to grant mailbox permissions to the users who require access to it.

We can assign permissions to security groups or directly to users. To give me access to the Mountain mailbox, all I have to do is:

Add-MailboxPermission Mountain -User Dinesh -AccessRights FullAccess

Now I have full access permissions to it. However, I’ll probably also want Send-As rights so that I can send e-mails with the shared mailbox's e-mail address.

Add-ADPermission Mountain -User Dinesh -ExtendedRights Send-As

You may want to add permissions to read/write personal information so that users can set up delegates if needed:



Add-ADPermission Mountain -User Dinesh -AccessRights ReadProperty, WriteProperty -Properties "Personal Information"
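Because access to a shared mailbox rests entirely on these grants, it is worth reviewing them periodically. The script below is an added example, not part of the original post: it lists the explicit FullAccess and Send-As grants on every shared mailbox and warns if a mailbox's AD account has been re-enabled. It assumes the Exchange Management Shell and that Get-User exposes the disabled state in its UserAccountControl property.

```powershell
# Added example (not from the original post): report who holds FullAccess or
# Send-As on each shared mailbox, and whether its AD account is still disabled.
# Run in the Exchange Management Shell.

$report = foreach ($mbx in Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited) {
    $dn = $mbx.DistinguishedName

    # A shared mailbox's account is disabled by default; warn if it was re-enabled.
    # Assumption: UserAccountControl renders as text containing 'AccountDisabled'.
    $disabled = "$((Get-User -Identity $dn).UserAccountControl)" -match 'AccountDisabled'
    if (-not $disabled) {
        Write-Warning "$($mbx.Name): linked AD account is enabled"
    }

    # Explicit FullAccess grants (skip inherited entries, denies and SELF).
    Get-MailboxPermission -Identity $dn |
        Where-Object {
            -not $_.IsInherited -and -not $_.Deny -and
            $_.User -notlike 'NT AUTHORITY\SELF' -and
            "$($_.AccessRights)" -match 'FullAccess'
        } |
        Select-Object @{Name = 'Mailbox'; Expression = { $mbx.Name }},
                      @{Name = 'AccountDisabled'; Expression = { $disabled }},
                      @{Name = 'Trustee'; Expression = { "$($_.User)" }},
                      @{Name = 'Right'; Expression = { 'FullAccess' }}

    # Explicit Send-As grants, which live on the AD object rather than the mailbox.
    Get-ADPermission -Identity $dn |
        Where-Object {
            -not $_.IsInherited -and -not $_.Deny -and
            $_.User -notlike 'NT AUTHORITY\SELF' -and
            "$($_.ExtendedRights)" -match 'Send-As'
        } |
        Select-Object @{Name = 'Mailbox'; Expression = { $mbx.Name }},
                      @{Name = 'AccountDisabled'; Expression = { $disabled }},
                      @{Name = 'Trustee'; Expression = { "$($_.User)" }},
                      @{Name = 'Right'; Expression = { 'Send-As' }}
}

# One row per mailbox/trustee/right; review any trustee that is not expected.
$report | Sort-Object Mailbox, Trustee, Right | Format-Table -AutoSize
```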

Accessing Shared Mailboxes

Since I now have full access permissions to this shared mailbox, one method for accessing it is to add it as an additional mailbox within Outlook. To do that:

• Open Outlook

• Go to Tools and click on Account Settings...

• Make sure your e-mail address is selected and click on Change...

• Click on More Settings...

• Go to the Advanced tab and, under Open these additional mailboxes, add the shared mailbox

This is the best method if you use the shared mailbox a lot, as it allows you to read e-mails from the shared mailbox and send as that e-mail address when desired. Unfortunately, this method will not save items sent as that mailbox to its Sent Items folder. All items sent or deleted within Outlook will be stored in the primary mailbox's Sent or Deleted Items folder.

This is something that doesn’t make sense to me and I hope to see it changed on the next version of Outlook.

You can also create a separate e-mail profile for Outlook to work with just this mailbox, thus preventing the previous “issue”.

The other option you have is, of course, to use Outlook Web Access (OWA). Since I already have full access permissions to the shared mailbox, I can open it by simply adding the Mountain@exchange.com e-mail address to the end of my normal OWA URL and authenticating using my normal domain credentials, like: https://HUBCAS1/owa/Mountain@exchange.com

Notes:

• The icon on the Exchange Console for a shared mailbox differs from the one for a regular mailbox;

• When checked in the Exchange Console, you can see the difference in the Recipient Type Details column: User Mailbox vs Shared Mailbox;

• It’s possible to convert existing mailboxes into shared mailboxes! To do that, all that you need to do is: Set-Mailbox Dinesh -Type Shared;

• To convert it back to a regular mailbox, just use the -Type Regular option.
