This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 19%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBR%3C/text%3E%3C/svg%3E)
I've been searching for a solution, but until now couldn't find one.
We are using an Exchange 2019 environment which include users and shared mailboxes.
Due to the fact that we would like to use IAM software we would like to have access to a shared mailbox for users using mail enable security groups.
When we add a user directly to a shared mailbox, automapping is enabled and users can see the shared mailbox in their Outlook.
As soon as we only use mail enabled security groups, automapping isn't working and users have to add the mailbox manually to their Outlook profile.
The question is, is there a way that we can set automapping with security groups (what isn't working right now) or is there a possibility that we can use a script that can automatically add the shared mailbox to Outlook based on membership of a security group?
Processes in Microsoft 365 for setting up Office apps, redeeming product keys, and activating licenses.
A powerful email and collaboration platform developed by Microsoft, designed to support enterprise-level communication and productivity. Miscellaneous topics that do not fit into specific categories.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello, @Bakker, Ron,
Just wanted to check if the answer shared below helped. If it helped, then would request you to please "Accept the answer" as it would be helpful to others in the community as well.
Best Wishes,
Alex Zhang
Hi Alex, we are investigating if this helps us.
Shame that Automapping isn't supported by MS yet, while more and more companies are using IAM tools for their users and using security groups makes usermanagement a whole lot of easier.
I'l get back to this as soon as we have tested your solution to let you know the results.
Hello, @Bakker, Ron,
Thank you for your reply and wait for your next update.
Should you need more help on this, you can feel free to post back.
Best Wishes,
Alex Zhang
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 73%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Hi Ron
We have developed a solution that enables the use of Security Groups for Shared Mailboxes, including a working automapping solution for Outlook (Classic), the new Outlook, and OWA. Feel free to PM me for more details.
Manfred
Hello, @Bakker, Ron,
Welcome to the Microsoft Q&A platform!
Yes, automapping isn't currently supported for mail-enabled security groups in Exchange. However, you can use a PowerShell script to automatically add a shared mailbox to Outlook based on group membership.
Here's a basic example of what the script might look like:
# Connect to Exchange Online
Connect-ExchangeOnline -UserPrincipalName <******@domain.com> -ShowProgress $true
# Get the list of users in the security group
$groupMembers = Get-DistributionGroupMember -Identity "YourSecurityGroup"
# Loop through each member and add the shared mailbox
foreach ($member in $groupMembers) {
Add-MailboxPermission -Identity "SharedMailbox" -User $member.PrimarySmtpAddress -AccessRights FullAccess -AutoMapping $false
}
Test Results:
This script connects to Exchange Online, retrieves the members of the specified security group, and grants them Full Access to the shared mailbox without automapping. Users will need to manually add the shared mailbox to their Outlook profile, but this can be streamlined with instructions or a separate script.
Should you need more help on this, you can feel free to post back.
If the answer is helpful, please click on “Accept answer” as it could help other members of the Microsoft Q&A community who have similar questions and are looking for solutions.
Thank you for your support and understanding.
Best Wishes,
Alex Zhang
Just to be sure:
We have an on-premiss Exchange 2019 environment.
Does this also work, because you mention Exchange Online in your posting.
And another question, we would like to have the Shared Mailbox connected to the users Outlook without user intervention. Is that possible?
Hello, @Bakker, Ron,
Thanks for pointing that out! For an on-premises Exchange 2019 environment, you can indeed use a similar approach with PowerShell.
Here's a combined solution for automatically adding a shared mailbox to users' Outlook profiles based on their membership in a security group, specifically for an on-premises Exchange 2019 environment:
Step 1: Grant Full Access Permissions
First, ensure that users have Full Access permissions to the shared mailbox without automapping. Use the following PowerShell script in the Exchange Management Shell:
# Get the list of users in the security group
$groupMembers = Get-DistributionGroupMember -Identity "YourSecurityGroup"
# Loop through each member and add the shared mailbox
foreach ($member in $groupMembers) {
Add-MailboxPermission -Identity "SharedMailbox" -User $member.PrimarySmtpAddress -AccessRights FullAccess -AutoMapping $false
}
Step 2: Create a PowerShell Script to Configure Outlook
Next, create a PowerShell script that configures Outlook profiles to include the shared mailbox:
# Define the shared mailbox and user
$sharedMailbox = "******@domain.com"
$user = $env:USERNAME
# Define the Outlook profile
$profileName = "Outlook"
# Add the shared mailbox to the user's Outlook profile
New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\16.0\Outlook\Profiles\$profileName\9375CFF0413111d3B88A00104B2A6676" -Name "00000003" -PropertyType String -Value $sharedMailbox
Step 3: Deploy the Script via Group Policy
To ensure the script runs automatically for users, deploy it using Group Policy:
This setup will grant the necessary permissions and automatically add the shared mailbox to users' Outlook profiles without requiring any user intervention.
If the answer is helpful, please click on “Accept answer” as it could help other members of the Microsoft Q&A community who have similar questions and are looking for solutions.
Thank you for your support and understanding.
Best Wishes,
Alex Zhang
Hello, @Bakker, Ron,
Just wanted to check if the answer shared below helped. If it helped, then would request you to please "Accept the answer" as it would be helpful to others in the community as well.
Best Wishes,
Alex Zhang
No, automapping is only supported when you add the permissions directly, not via group. There have been some improvements on this for the new Outlook client, but that one has no support for on-premises Exchange currently.
You can certainly script the process to add permissions based on group membership, if automapping is a must. Something like this should work:
Get-DistributionGroupMember ******@domain.com | ? {$.RecipientTypeDetails -eq "UserMailbox"} | % { Add-MailboxPermission ******@domain.com -User $($.PrimarySmtpAddress) -AccessRights FullAccess }
I understand that automapping isn't supported via groups (yet but should be i think due tot RBAC but ok) but i can see this is a wanted item amongst a lot of engineers that this option would be available for automapping for mail enabled security groups.
So the question was if anyone found a solution to make this work with groups not using automapping but automatically added to Outlook due to that group membership set on an Exchange shared mailbox