Forum Discussion
AutoMapping Shared Mailbox based on security group
- Automapping works via the user who is granted permissions being stamped on the msExchDelegateLinkList attribute of the target object. This attribute only lists mail objects and not groups. No change with 2016 (or O365, which runs a version of 2016 at the moment)
kilo77
The AutoMapping feature was never intended for use in conjunction with security groups. The primary reason is that not only a permission entry is added to the shared mailbox, regardless of the mailbox type. The user granted full access to the mailbox has a backlink attribute updated. As a result, there are two "pointers", one for each connected direction.
It would be a smarter approach using a PowerShell script to add or remove users from a full access assignment to a mailbox. This would provide the flexibility to add users for full access having AutoMapping enabled or not.
Some organizations prefer to *not* map mailboxes automatically, but require user to add mailboxes manually, as needed.
-Thomas
I understand and has since found this out as well. But my criticism of the MS documentation remains - at least for wording of phrases like:
"Users who are members of the security group will be granted the permissions to the mailbox."
;D
Kind regard,
Simon (Kilo77)
The main issue I'm running into is the ability of users with full access rights given to them by a security group to a shared mailbox being unable to open an encrypted email sent to the shared mailbox. Issue described here https://learn.microsoft.com/en-us/outlook/troubleshoot/user-interface/encrypted-restricted-message-shared-mailbox. The only "fix" is assigning each user to have full access individually so that the mailbox is auto-mapped to Outlook for this functionality to work. Obviously this is not a fix in a large environment with hundreds of mailboxes and thousands of users.
