Forum Discussion
Cody Henschel
Sep 11, 2017Copper Contributor
AutoMapping Shared Mailbox based on security group
Hi, We were under the impression that once on exch 2016 we would be able to use mail enabled security groups for shared mailboxes -- and (this is the important part) still be able to have the aut...
- Sep 11, 2017Automapping works via the user who is granted permissions being stamped on the msExchDelegateLinkList attribute of the target object. This attribute only lists mail objects and not groups. No change with 2016 (or O365, which runs a version of 2016 at the moment)
Deleted
Jul 30, 2018Would removing FullAccess permissions and re-adding via Powershell cause newly added members to get Auto-mapping? Or does it only work on the initial adding of permission to the shared mailbox?
Jul 30, 2018
Re-Adding users (not groups) to the list of users having FullAccess permission will add AutoMapping to those users. Using PowerShell gives you the ability to enabled/disable AutoMapping per user added to the list of users having full access. AutoMapping is enabled/disabled for each user added to the list of users having full access. It is not controlled for the mailbox providing access to.
-Thomas
- DeletedJul 30, 2018
So, to be clear, re-adding a sec group to the Full Access list, in GUI or Powershell, will not grant users of that group Automapping? Is this different on more recent versions of Exchange (2016 and/or O365)?
If no, is there any way to automap users that have access to a mailbox via their group membership?Thank you for your time.
- Jul 31, 2018
You are right. AutoMapping is applied to user accounts added directly to the list of users having FullAccess for a mailbox. AutoMapping is not applied based on an added security group.
Adding a user using GUI -> always AutoMapping:$true
Adding a user using PowerShell -> AutoMapping:$true|$false, as selected
Adding a group using GUI/PowerShell -> AutoMapping not configured aka $false
That behavior has not changed in recent versions.
- kilo77Nov 28, 2018Copper Contributor
Hmmm, ok.
So let me just get this 100% clear because now Nuno and Thomas are saying two different things and one important question has gone unanswered imo.
Nuno states:
When adding a mail-enable security group with users in it, these users WILL get AutoMapping:$true at this point.
Someone points out:
Yes, but ONLY right then and there. Adding more users to the group will not set AutoMapping:$true for these newly added users.
Thomas then states:
No. User Groups does not work with shared mailboxes and automapping. Period.
So here is my summarization and conclusive question to all this.
I havent testet this myself, but it sound to me it should be possible to:- Create a mail-enabled security group for automapping (or mail-enable an existing)
- Add this group to a shared mailbox by GUI or powershell and thus have the AutoMapping:$true set for all members by doing so.
- Future additions to this user group will then require removal and re-adding of said user group to ensure new members also get AutoMapping:$true
If this is the case, it could actually be a viable solution for me. Then simple automation could ensure the last action somehow.
I hope to find time to test this in the very near future.