I have a shared mailbox that I need to deploy to one of our departments in an Exchange 2010 SP2 environment with Outlook 2010 clients. I'm trying to rely on the auto-mapping feature introduced by Exchange 2010 SP1, for obvious reasons, but it's not working.
On closer inspection, this would be because it doesn't work with groups, skillfully preventing it from becoming a useful feature for anyone with more than a handful of mail users to administer.
The above link contains a workaround PowerShell script to read a group's membership and directly add those members to have full access permissions, but this doesn't provide the functionality to update the auto-mapping as people join or leave the department.
Does anyone know of a way to get this feature functional when groups are used to grant users full access permissions to a mailbox? (Or have any ideas about how to approach the problem, even? Right now, I'm thinking of a PowerShell script that updates the relevant AD attributes on a regular basis, but… there's gotta be a better way.)
Best Answer
I created this script when we ran into the same issue. Maybe it's not the prettiest thing in the world, but it gets the job done. I have a separate OU for the access groups and then another for the resources mailboxes. The groups and resource mailboxes use the same name except for an A- in front for the group, e.g. A-RESMBX1 for the group name and REXMBX1 for the resource mailbox.
The script enumerates the groups in the groups OU and then the resource mailboxes in that OU. It then cycles through each group and finds the matching resource mailbox. When a match is found it enumerates the groups' users and then adds them to the msExchDelegateListLink attribute of the Resource Mailbox. It will also remove users from the msExchDelegateListLink attribute that are no longer members of the associated access group. I have this running in a Scheduled Task on a DC.
Our need was due to high turnover of interns that needed to have access to a large number of resource mailboxes.
You'd need to update the LDAP paths to the OUs for $Groups & $ResMBXs as well as your DC name for $DomainController.
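The answer's script itself is not reproduced on this page. The sketch below is an added example, not the answerer's code, of the sync it describes: match each A- group to its mailbox, then make msExchDelegateListLink equal the group's current user members. It assumes the ActiveDirectory module is available; the DC name, both OU paths and the function name Sync-DelegateList are placeholders introduced here.

```powershell
# Added example, not the answerer's script. Placeholders: DC name and both OU DNs.
# Assumes the ActiveDirectory module (RSAT) and the A-<mailbox name> group naming above.
Import-Module ActiveDirectory

$DomainController = 'dc01.example.com'                    # placeholder
$GroupsOU  = 'OU=Access Groups,DC=example,DC=com'         # placeholder
$ResMBXsOU = 'OU=Resource Mailboxes,DC=example,DC=com'    # placeholder

function Sync-DelegateList {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$GroupsOU, [string]$MailboxOU, [string]$Server)

    $mailboxes = Get-ADUser -Filter * -SearchBase $MailboxOU -Server $Server -Properties msExchDelegateListLink
    foreach ($group in Get-ADGroup -Filter 'Name -like "A-*"' -SearchBase $GroupsOU -Server $Server) {
        $mbx = $mailboxes | Where-Object { $_.Name -eq $group.Name.Substring(2) } | Select-Object -First 1
        if (-not $mbx) { Write-Warning "No mailbox matches group $($group.Name)"; continue }

        # Desired list = user members of the access group (nested groups expanded).
        $desired = @(Get-ADGroupMember -Identity $group -Recursive -Server $Server |
            Where-Object { $_.objectClass -eq 'user' } |
            Select-Object -ExpandProperty distinguishedName | Sort-Object -Unique)
        $current = @($mbx.msExchDelegateListLink | Sort-Object -Unique)

        # Strings compare case-insensitively with -eq; skip the write when nothing changed.
        if (($desired -join "`n") -eq ($current -join "`n")) { continue }

        if ($PSCmdlet.ShouldProcess($mbx.DistinguishedName, "set $($desired.Count) auto-map delegates")) {
            if ($desired.Count -gt 0) {
                # -Replace writes the whole list, so leavers are dropped as joiners are added.
                Set-ADUser -Identity $mbx -Server $Server -Replace @{ msExchDelegateListLink = [string[]]$desired }
            } else {
                Set-ADUser -Identity $mbx -Server $Server -Clear msExchDelegateListLink
            }
        }
    }
}

# Dry run first; drop -WhatIf once the reported changes look right.
Sync-DelegateList -GroupsOU $GroupsOU -MailboxOU $ResMBXsOU -Server $DomainController -WhatIf
```

The attribute only drives Outlook auto-mapping; Full Access still comes from the group's mailbox permission, so a stale entry maps a mailbox the user can no longer open rather than granting access. Because -Replace overwrites the list, entries for users who were granted Full Access directly (outside the group) are removed as well.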