Full Access to Shared mailbox for mail enabled Security group

Sebastiaan Vugts 21 Reputation points
2021-12-08T11:22:39.977+00:00

I am working with an On Prem environment of Exchange 2016 and because of the many, many, many shared folders and shared mailboxes, we're using function groups.

So basically: When you are a Service Employee, you are member of the group FUNC_Service and that group has RW access to several networkfolders and is member of several distributiongroups.
This works.

But, there are also around 20 shared mailboxes that need to be accessed and this is where I hit a snag.
In theory, when I made FUNC_Service a mail enabled universal security group, I should be able to use the command:
Add-Mailboxpermission -identity "Shared A" -user "FUNC_Service" -AccessRights "FullAccess" -Automapping $true

In practice, the command is accepted in Powershell, the accesrights are given, but the users in FUNC_Service will NOT see mailbox "Shared A" unless I add them personally. They have restarted Outlook several times and waited an hour.
In fact, when I was so certain it had to work like that, I immediately set that up for all shared mailboxes and removed direct access.
As a result, all employees lost all shared mailboxes in Outlook.

This makes it so that for every new employee, I would have to add them to 14 different mailboxes by hand.
How can I make this work?

Outlook Management
Outlook Management
Outlook: A family of Microsoft email and calendar products.Management: The act or process of organizing, handling, directing or controlling something.
4,736 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,227 questions
0 comments No comments
{count} votes

Accepted answer
  1. Joyce Shen - MSFT 16,631 Reputation points
    2021-12-09T05:19:16.813+00:00

    Hi @Sebastiaan Vugts

    Yes, automapping is controlled by attribute msExchDelegateListLink and it can only have individual user account. Hence if you require automapping then add users explicitly to shared mailbox.

    You could consider using a powershell script to automatically add the users in groups, for example:
    Outlook Auto-Mapping and delegation to groups.
    Automapping of Mailbox in Outlook does not work if Full Access Permission assigned to a Group
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    We should also note that, multiple automapped mailbox will delay outlook startup.


    If an Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Vasil Michev 91,126 Reputation points MVP
    2021-12-08T12:25:47.073+00:00

    Automapping only works for directly assigned permissions, not group-based ones. Add the permissions without automapping and have the user manually add the mailbox. Or just grant permissions directly to the user.

    1 person found this answer helpful.