Granular Permissions on a Shared Mailbox

Similar Messages

• Exchange Online - Set FOLDER permissions recursively in shared mailbox

  I posted this in the 365 forums. Reposting here see if it gets any traction. Thanks
  I have a shared mailbox that is being used instead of public folders. Having trouble with the folders within the shared mailbox syncing to the various users. Want to move folders out of the shared
  mailbox but continually run into errors regarding permissions and I must manually find the offending subfolder and set permissions.<o:p></o:p>
  So, I have two questions:<o:p></o:p>
  1. How can I configure the shared mailbox so that all folders that are created, regardless of which user creates them, will inherit permissions. Any folder created should automatically have permissions
  set to owner for a specific security group.<o:p></o:p>
  2. How can I set the permissions on these exisiting shared mailbox folders, recursively (all sub folders) ? I have tried the following:<o:p></o:p>
  Get-MailboxFolder –Identity user1:\Folder -Recurse | Add-MailboxFolderPermission -User user2 -AccessRights Owner<o:p></o:p>
  But I get an error that the mailbox is not found. I believe that the command above does not work on shared mailboxes.<o:p></o:p>
  I also found the following, but can not seem to get it to run. I have tried to run as a ps1 file and directly in powershell - I dont get any errors.<o:p></o:p>
  ForEach($f in (Get-MailboxFolderStatistics
  [email protected] | Where { $_.FolderPath.Contains("/") -eq $True } ) )
  $fname = "[email protected]:" + $f.FolderPath.Replace("/","\"); Add-MailboxFolderPermission $fname -User
  [email protected] -AccessRights Owner
  Write-Host $fname
  Start-Sleep -Milliseconds 1000
  }<o:p></o:p>
  Any help is appreciated. Thanks<o:p></o:p>

  First of all, why don't you just give permissions on the mailbox level instead?
  If Office 365, the
  Get-MailboxFolder cmdlet only works for you own mailbox. So you have to use the  Get-MailboxFolderStatistics as shown in the example. You will need to adjust this to give permissions to the Root folder and its best to actually exclude some of the
  folders.
  The example below should work, note that there is practically no error handling there, so test it first. Also, if the access entry already exists, you will get error messages.
  $mailbox = "[email protected]"
  $folders = Get-MailboxFolderStatistics $mailbox | ? {$_.FolderType -ne “Root” -and $_.FolderType -ne “Recoverableitemsroot” -and $_.FolderType -ne “Audits” -and $_.FolderType -ne “CalendarLogging” -and $_.FolderType -ne “RecoverableItemsDeletions” -and $_.FolderType -ne “RecoverableItemspurges” -and $_.FolderType -ne “RecoverableItemsversions”}
  Add-MailboxFolderPermission $mailbox -User [email protected] -AccessRights Reviewer #root permissions
  foreach ($folder in $folders) {
  $FolderPath = $folder.FolderPath.Replace("/","\").Replace([char]63743,"/") #with PowerShell v3 'fix'
  $MailboxFolder = "$mailbox`:$FolderPath"
  Add-MailboxFolderPermission "$MailboxFolder" -User [email protected] -AccessRights Reviewer

• Exchange 2010 Shared mailbox permissions gone

  In Exchange2010, I created a shared mailbox yesterday, then granted several groups and individuals "full access permissions" to the Shared mailbox.
  When I arrived at work this morning and looked at the permissions, all the permissions  I had assigned were gone, except for a single individual. 
  I re-applied the same permissions and checked them an hour later and they were gone again.  I thought it may be related to the groups, so I selected several individuals and gave them Full Access Permissions to the Shared Mailbox.  I checked
  that some time later to discover that several individuals were missing again..  
  What might cause this to happen

  Hi,
  As Willard suggested, please check if these problematic mailboxes are members of Domain Admins or Enterprise Admins. Domain Admins and Enterprise Admins are assigned the explicit Deny permissions for Send As and Receive as on the main Exchange Organization
  object in AD. If you want to grant them full access permission, you need to remove the explicit Deny permissions.
  Hope this can be helpful to you.
  Best regards,
  Amy Wang
  TechNet Community Support

• One shared mailbox with multiple distribution groups connected and the sent items folder - how to configure?

  Hi!
  I have been struggling for a while now with the following issue.
  For starters:
  We are using exchange 2010 in combination with outlook 2013 on client computers.
  Cause of the limitations concerning the number of mailboxes in outlook im looking for a solution to receive and reply 
  to multiple aliasses. So i did the following:
  1. Configured one shared mailbox.
  2. Configured multiple distribution groups
  3.  made the shared mailbox a member of the distribution groups
  4. Configured full access and send as permissions for myself on the shared mailbox ( testing )
  5. Gave send as permissions to the shared mailbox in Active directory. 
  6.  Logged in to OWA to setup rules for the shared mailbox.
  I now receive emails from all connected distribution groups in the shared mailbox and also in the right folder.
  I do however have to select the proper from address when i reply to an email. 
  the email sent by the main SMTP of the shared mailbox is placed into the sent folder of the shared mailbox. 
  I setup the senddelagate blabla in register.....
  When i sent an email as one of the connected distribution groups it fails to put the sent item in the sent items folder of the shared mailbox. The email is sent using the proper address but placed in the sent folder of my main account. 
  I want this emails to end up in the sent items folder of the shared mailbox. Or even better, in a sent items folder for each of the addresses. 
  Any suggestions ? 
  Thanks in advance!

  Hi,
  As what
  Rajkumar says, sending as a shared mailbox(full access permission) will put the email in the sent item of shared mailbox. But it cannot be located in the “sent item” of a distribution group. Because
  it is a distribution group instead of a enabled user mailbox.
  According to your further description, I understand that the reason why you configure that is some users reached the
  limitation about the number of Exchange accounts you can include in the same Outlook profile. Is it rights? If I misunderstand, please point it out.
  By default, user can only add 10 Exchange accounts to the same profile. You can customize the limit to the number Exchange accounts in the same profile using the following registry data:
  Key: HKEY_CURRENT_USER\software\policies\Microsoft\exchange
  DWORD: MaxNumExchange
  Value: integer value starting at 1 (default = 10 if DWORD is missing)
  http://blogs.technet.com/b/outlooking/archive/2012/12/24/clarification-on-outlook-2010-and-additional-exchange-account-supportability.aspx
  Hope it helps.
  Thanks,
  Winnie Liang
  TechNet Community Support

• Shared mailbox and personal mailbox showing identical content in Outlook

  I have one user on Outlook 2010 who has Full Access permissions to a shared mailbox. In OWA, everything looks fine, but in Outlook, the shared mailbox shows the contents of her personal mailbox instead of the content of the shared mailbox.
  If she views the shared mailbox's Inbox, it shows her the contents of her own Inbox instead of the shared mailbox. If she attempts to view the shared mailbox's Calendar, it shows her nothing at all. There are no error messages.
  I configured a separate Mail profile (via Control Panel) for the shared mailbox, and that works fine also.
  I deleted her Mail profile and all cached Outlook data, then created a new profile, and let Outlook recache all the data. Same problem.
  Any ideas what is going on or how to fix it?
  Blog /
  Facebook / Twitter

  Finally some moderately helpful info:
  The end user logs into a computer on an untrusted, foreign AD domain (domain2.com) using an account from that domain. She then logs into her Exchange mailbox in Outlook using her domain.com account.
  Every domain2.com computer she logs into gives her the same random mailbox mirroring problem.
  I had her log into Outlook on a computer on domain.com located in my office and leave it running for 3 days. Every time her Outlook client on her regular computer would start or stop mirroring mailboxes, she would let me know, and I'd check the computer
  in my office and find no problem.
  So the problem is something in the foreign domain or something that that domain's administrators are doing to the computers. Unfortunately, several other people on that domain are using mailboxes and shared mailboxes on my Exchange servers in the exact same
  configuration and are not having this problem. It is only this one user.
  I am pretty sure they are not using roaming profiles. I know they are not using mandatory profiles.
  Blog /
  Twitter

• Message recall from shared mailbox greyed out Outlook 2010

  Hello,
  Can anyone advise if it's possible to recall a message sent from a shared mailbox? The user has full access permissions to the shared mailbox but the 'recall this message' option is greyed out.
  We have installed the hotfix below but it says the update is already installed on the system?
  http://support.microsoft.com/kb/2475877/en-gb
  This is using Windows 8, Outlook 2010 32bit and Exchange 2007 SP3.

  Hi,
  Try to remove and grant the user the permission to the shared mailbox again to see if the issue still exists.
  This issue should have been fixed by kb2475877, please also make sure Office is patched up to date.
  We can try with a new profile to setup the account, check if the issue persists:
  http://support.microsoft.com/kb/829918/en-us
  Regards,
  Melon Chen
  TechNet Community Support

• Sent items from a shared mailbox are not saved with the shared mailbox

  I'm experiencing an issue regarding the sent items from a shared mailbox. 
  The users would like the items Sent on Behalf of a shared mailbox to be saved within this shared mailbox.
  At this moment, the Sent Items are saved in the users own mailbox.
  We have a single Microsoft Exchange Server 2010 (Version 14.3 Build 123.4) and Users connecting the Exchange Server are using Microsoft Outlook 2007 (12.0.6680.5000) SP3 MSO.
  The user is granted full access permissions on the shared mailbox, and also has "Send on Behalf" permissions on the mailbox. The mailbox is setup as an "online" mailbox, so it doesn't use cached mode.
  I tried the following solutions mentioned in the various KB's and technet articles:
  Configuring the "DelegateSentItemsStyle" registry setting for this user (using a GPO)
  Configured the "Get-MailboxSentItemsConfiguration" cmdlet for this user
  Logged on to OWA and changed the "Sent Items" settings to save the sent items in both mailboxes
  None of these settings worked, not combined and neither seperately.
  Is there anyone who can help me resolving this issues?
  Thanks in advance,
  Roy Schottmans

  I am using a shared mailbox (with a disabled account) where I get sent items and also deleted items placed in the right folders.
  I think it’s just a matter of how you configure Outlook. It works well for me in both Outlook 2010 and Outlook 2013, cached mode and also online mode. You can add a shared mailbox to your Outlook profile in at least two ways where one of them doesn’t work
  but the other does.
  If you add the shared mailbox via the File tab/Account settings/New/ and just enter the e-mail address of the shared mailbox in the Auto Account Setup page. No name, no password, just the e-mail address and click Next and voila “Your e-mail account is successfully
  configured”. After restarting Outlook you will find the shared mailbox below your own in the left pane.
  If you click the inbox ones in the shared mailbox and then open a new mail you will see the shared mailbox display name in the From field. After sending the mail you will see the mail in the Sent Items folder of the shared mailbox. If you delete a mail in
  the shared mailbox you will see it in Deleted items folder of the shared mailbox.
  The prerequisits for this is that you have “full access” and “send as” rights of the shared mailbox.
  This was accomplished without using the Set-MailboxSentItemsConfiguration command.
  We are running Exchange 2010 SP3 RU4.
  Jonas Borelius

• Email stuck in outbox if sending mail from a shared mailbox

  Hi,
  Some user mailboxes have recently been migrated from Exchange 2003 to Exchange 2010.  Shared mailboxes are located on Exchange 2003 still for the time being.
  Some users have send as permissions to a shared mailbox.  In Outlook the users are logged in as themselves and using the from field send an email from the shared mailbox.
  The email is sent and delivered to its recipient.
  The email is however stuck in the outbox of the users mailbox.
  I have tried recreating the Outlook profile, windows profile and using a different PC, but the mails still get stuck in the outbox.
  If outlook is changed to use cached mode then the emails are delivered.  We don't want customers using cached mode though.
  If I migrate the shared mailbox to Exchange 2003 I still have the problem.
  If I migrate the users mailbox to Exchange 2003 then the problem goes away.
  On the Laptop I am testing this on it is Windows 7, Office 2003.  I have also tested on another computer with Windows 7 and Outlook 2007. Outlook safe mode doesn;t help or turning off windows firewall.
  Has anyone experienced a similar issue?
  Regards
  Matt

  Hi,
  Based on your description, I found this kb below:
  http://support.microsoft.com/kb/2703723/en-us
  This problem occurs when all the following conditions are true:
  Your Outlook profile is configured in online mode (not cached Exchange mode).
  You have the DelegateSentItemsStyle registry value set to 1.
  There is no resolution to this problem other than to either switch your profile to cached Exchange mode or set the DelegateSentItemsStyle registry value to zero (0).
  Note If you set DelegateSentItemsStyle=0 in the registry, email messages that you send from a shared mailbox will be copied to
  your Sent Items folder and not the Sent Items folder of the shared mailbox.
  Important
  This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the
  registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry,
  http://windows.microsoft.com/en-US/windows7/Back-up-the-registry
  1.Exit Outlook.
  2.Start Registry Editor.
  Click Start, type regedit in the Start Search
  box, and then press Enter. If you are prompted for an administrator password or for confirmation, type the password, or click
  Allow.
  3.Locate and then select the following registry key:
  HKEY_CURRENT_USER\Software\Microsoft\Office\x.0\Outlook\Preferences
  （Note In this key path, the placeholder x.0represents 15.0 for Outlook 2013, 14.0 for Outlook 2010, 12.0 for Outlook 2007, and
  11.0 for Outlook 2003.）
  4.Select the DelegateSentItemsStyle value.
  5.On the Edit menu, click Modify.
  6.Type 0, and then click OK.
  7.Exit Registry Editor.
  8.Start Outlook.
  Regards,
  Melon Chen
  TechNet Community Support
  It's recommended to download and install
  Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
  programs.

• Message recall outlook 2010 greyed out for shared mailboxes

  Hello,
  Can anyone advise if it's possible to recall a message sent from a shared mailbox? The user has full access permissions to the shared mailbox but the 'recall this message' option is greyed out.
  We have installed the hotfix below but it says the update is already installed on the system?
  http://support.microsoft.com/kb/2475877/en-gb
  This is using Windows 8, Outlook 2010 32bit and Exchange 2007 SP3.

  Hi,
  Recall message is an Outlook feature. Actually, we have a dedicated support team regarding the Microsoft Office Outlook. I recommend you ask your question on our Outlook forum which is staffed by more experts specializing in this kind of problems. Thanks
  for your understanding.
  For your convenience:
  http://social.technet.microsoft.com/Forums/office/en-US/home?forum=outlook
  Hope it helps.
  If you have any problem with Exchange server, welcome to our Exchange forum.
  Best regards,
  Amy Wang
  TechNet Community Support

• Disappearing folders from shared mailboxes

  We have this ongoing problem and just can't find a solution for it.  We have a number of users that have a shared mailbox.  They frequently get into the situation where one person can see a subfolder but others can't.  The folder is actually
  where it should be but only some of them can see it.  All permissions are wide open for them.
  So we disable their cache.  Then outlook goes right down the tubes; searches take forever, outlook frequently locks up and spins... it's either one hell or the other.
  What can we do to fix this?
  Thanks!

  Hi,
  Please confirm the mailbox permission between the problematic users and his shared mailbox.
  If these users have full access permissions to the shared mailbox, the subfolders should be available to these users. Pease create a new Outlook profile to have a try:
  http://support2.microsoft.com/kb/829918/en-us
  If the problematic user just has Owner permission to the Inbox folder in the shared mailbox, the new created subfolder may not be visible to other users. We need to add folder permission for the new created subfolders.
  Regards,
  Winnie Liang
  TechNet Community Support

• O365 client stopped opening shared mailboxes

  Hello all,
  I had users that have been accessing shared mailboxes from their outlook clients for weeks with no issues. All of a sudden, whenever they try to access the shared mailboxes, the cursor spinds until it times out and then brings up a dialog box saying:
  The set of folders cannot be opened. Microsoft Exchange is not available. Either there are network problems or the Exchange server is down for maintenance.
  Our Exchange server is E365, so it is definately up. The permissions on the shared mailbox are correct, because you can open the shared mailbox using OWA.
  Any ideas why the long term function of "open these additional mailboxes" under the main account would no longer function?
  Thank you!
  -Karl

  Hi Karl,
  As you mentioned, you can open the shared mailbox using OWA. Thus, the permissin on the shared mailbox should be correct. The issue may be related to Outlook client.
  Please remove the shared mailbox from "Open these additional mailboxes", apply it. Then re-add it back to check if the shared mailbox can be opened now. If the issue persists, please uncheck User Exchange Cached mode in Account Settings and
  verify whether the shared mailbox can be opened in Outlook Online mode.
  If the issue doesn't continues in Online mode, it may be caused by corrupted profile. We can
  create a new Outlook profile to have a try.
  Regards,
  Winnie Liang
  TechNet Community Support

• Sent Items (cached mode) not going to shared mailbox 'sent items.' Permissions Correct.

  Hello,
  I have about 15 users that work out of a shared mailbox.  According the article below, the email should go the the 'sent items' folder of the shared mailbox and this is not happening.
  http://blogs.technet.com/b/maliks/archive/2013/01/14/how-to-have-separated-sent-items-folder-in-shared-mailbox-in-outlook-2007-and-2010-exchange-server-2007-or-2010.aspx
  The users have Full Control Permissions - set from Exchange Mgmt Console.  They are members of the Security Group that has FC Permissions.  Outlook is in cached mode.
  Do the user accounts needs FC Permissions directly on the mailbox - as opposed to using a Security Group?
  Please Advise,
  Thank you

  I have not added the registry entries.
  Per the article - I have all users setup as described below - which is listed as the 2nd workaround.
  2. For Outlook 2010, you can also add the additional mailboxes as an additional Exchange account for this to work. However, this requires you to have full mailbox
  access rights for the additional mailbox (this has to be set by your Exchange administrator). You can then select it as a sending account and will be sending the message
  “as” that mailbox instead of “on behalf of” that mailbox.
  Thanks

• Easier way to find shared mailbox permissions

  I'm wondering if there's a way to query for what I will call the reverse record for auto-mapping. Outlook dynamically adds shared mailboxes that the user has permission to. Is Outlook brute force searching though all objects looking for permission, or is
  there a PowerShell command that I can use to find them quickly.
  Something like:
  get-AutoMappedMailboxes -user [email protected]
  and it would return the list of mailboxes the user has permissions to:
  sales
  accounting
  etc
  This would be a cool feature, if not already there!

  Hi,
  In addition to Ed's suggestion, I would like to clarify the following thing:
  If you want to prevent auto-mapping, you need to add -AutoMapping:$false to the Add-MailboxPermission command. If access has already been granted you should first remove it. Then run Add-MailboxPermission again with auto-mapping disabled.
  Hope this can be helpful to you.
  Best regards,
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Amy Wang
  TechNet Community Support

• Unable to manage SendAs permissions on shared mailbox

  This morning when we came in all of the sendas permissions for our helpdesk mailbox were missing.   When I try to add them with the Exchange console I get a message that says the user does not have sufficient permissions.
  We are Exchange 2010 running on 2008R2,  Active Directory is 2008 native.
  I added the sendas permission for the users from Powershell and they now show up in the console but they still cannot sendas the user.  I read another post that says we need to wait for replication and I will wait.
  My question is what is causing the permissions error?  We also get it when we try to remove an error.

  Hi,
  From your description, I recommend you follow the steps below to ensure that this send as permission is granted successfully.
  Open ADUC -> View -> Advanced Features -> right click user1 -> Properties -> Security -> make sure user2 is listed in the "Group or user names" and allow "Send as" permission.
  If no, please add user2 to it and select "Send as" Allow to check the result.
  Note: Please change user1 and user2 to the users you need.
  Hope this can be helpful.
  Best regards,
  Amy Wang
  TechNet Community Support

• Exchange 2013 - Shared Mailbox Permissions

  Here is what I am trying to do. I would like to create a shared mailbox in exchange 2013 for time off requests for my employees. I will have the mailbox to be something like
  [email protected] If an employee is sick or requesting time off, they can email this shared mailbox or send a meeting request.
  I would then like the ability for ALL employees to be able to have read access to the mailbox and Calendar associated with it, and I would like to have managers have Full access to it and to be able to approve calendar requests so that they are entered into
  the calendar.
  Is this possible? How can I set read only to the inbox and calendar for a shared mailbox? I would also like to be able to have the shared mailboxes automatically added to all user's Outlook.
  Thanks!

  Simply grant Full Access to the managers.  Then for everyone else you can grant read only access to just the Calendar.
  Here is an example on how to do this -
  http://exchangeshare.wordpress.com/2009/07/07/how-to-setup-read-only-mailbox-in-exchange-20032007/.
  Let me know if that works.
  JAUCG - Please remeber to mark replies as helpful if they were or as answered if I provided a solution.