Exchange 2010 Mailboxes - Can't search delegate's subfolders without full access permission?
-
Friday, June 08, 2012 7:54 PM
Has anyone run into this situation? Might be straightforward but I'm not running into a solution..
I have two users on an Exchange 2010 server, accessing through Outlook 2010. One is a delegate of the other's mailbox, and has owner permissions to see all the mail, subfolders, send on their behalf, etc...but when they go to search for an email (control-shift-F, then click on browse, find a folder that has subfolders...and select it), they don't have access to "include subfolders". It's grayed out.
If I go to the main mailbox and grant full mailbox permissions to the other user, they CAN search and "include subfolders" isn't grayed out, all works properly...but obviously is a bit overkill permission-wise.
...question is, what permission would be allowing a delegate to send on behalf, delete, read, list, etc. another person's email, but not letting the search be more than one folder level deep?
Thanks in advanace
All Replies
-
Monday, June 11, 2012 8:25 AMModerator
Hi,
First please try to tick “Enable indexing of online delegate mailboxes” via the steps below:
1.Please run gpedit.msc from a command prompt.
2. Expand Computer Configuration ->Administrator templates->windows components->click “Search”
3. Double Click on “Enable indexing of online delegate mailboxes” option
4. Select “Enabled” and click “ok” to close “Local Group Policy Editor”
5. After that please run “gpupdate /force”
6. Restart Microsoft Outlook
Also please add the following registry key to the user computer to enable index in delegate mailboxes.
Key: HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windows search
DWORD: EnableIndexingDelegateMailboxes
Value: 1
Note: Indexing the contents of delegate mailbox folder. Using this method we can search through the delegate mailbox folders but we have to specify the folder in which one wants to search an Outlook items.
After that, please rebuild the indexing with ResetSearchIndex.ps1
How to Rebuild the Full-Text Index Catalog
http://technet.microsoft.com/en-us/library/aa995966(v=exchg.80).aspx
Please test the issue via outlook online mode after you have rebuild the indexing.
Xiu Zhang
TechNet Community Support
-
Monday, June 11, 2012 11:55 AM
Question though - This seems more like I'm trying to have the delegate index all of the primary mailbox user's data, along with theirs, which may not be ideal given the mailbox sizes involved.
Since giving the delegate 'full mailboxes permissions' to the primary mailbox within the EMC allows the delegate to properly search the primary mailbox, without adjusting any of their client settings...wouldn't that indicate a permissions issue within Exchange someplace that wouldn't need client side adjustments?
In other words, when I change the delegate to full mailbox permissions to the primary user, they can do what they need immediately, without touching any of their indexing settings...to me that would indicate it's not necessarily a requirement to index the data for the involved users...
Pete -
Tuesday, June 12, 2012 6:38 AMModerator
Hi,
In Cached Exchange Mode, Outlook uses Windows Search, a component built-in in Windows 7 and Windows Vista. Windows Search performs content indexing and provides search functionality to Outlook. Interfacing with a local content indexing and search service provides Outlook users running in Cached Exchange Mode a more efficient way to search their mailbox. In addition to indexing e-mail in the offline store, Windows Search also indexes other data residing in the file system.
Xiu Zhang
TechNet Community Support
-
Tuesday, June 12, 2012 5:40 PMHI, that makes sense on why indexing would be useful, but I'm not clear on why it's *required* to enable in my situation, if I can prove I am able to search other user's data without any indexing, based on granting the delegate full mailbox permissions. Know what I mean?
-
Wednesday, June 13, 2012 3:13 AMModerator
Hi,
Full mailbox permission will allow user to have permission to deal with the mailbox. But Exchange search will need depend on indexing, if we do not enable index on the related folder, then we cannot search the related folder.
Xiu Zhang
TechNet Community Support
-
Wednesday, June 13, 2012 10:44 AM
I think you're missing my point- I'm not enabling indexing on the primary mailbox, but the 'search subfolders' option is available immediately when they have full access permission. The delegate is searching a huge mailbox - it wouldn't be indexing it in seconds, yet I can search anything I like..
Maybe this will help explain it better: I CAN set the permissions so the delegate has the option to add the primary user's mailbox to their local index...that works ok...but that is not giving me the option to search a subfolder when I click on a particular folder and say 'search subfolder'...The 'Search Subfolder' option is still grayed out. Sure, I have the entire index and can search every folder they have, but that's not what I want to search. If I click on a folder, I don't want to search that folder or ALL folders in outlook..I want to search that particular folder and it's subfolders....an option I can do on the delegate mailbox's own folders, the primary user's mailbox if they have full manage permissions (index or no index), but not when when standard out-of-the-box permissions are in place.
-
Thursday, June 14, 2012 6:54 AMModerator
Hi,
I understand that you can have "search subfolder" when you have full permission, but it will not be available when you have owner permission, is that ture?
We can try to use ExFolder.exe to check the folder level permission
Exchange 2010 SP1 (and later) ExFolders
http://gallery.technet.microsoft.com/Exchange-2010-SP1-ExFolders-e6bfd405
By the way, how did you grant user owner permission? I recommend you to grant it from Exchange server side.
Allow Mailbox Access
http://technet.microsoft.com/en-us/library/aa996343.aspx
Xiu Zhang
TechNet Community Support
- Proposed As Answer by Xiu Zhang - MSFTModerator Tuesday, June 26, 2012 6:14 AM
- Marked As Answer by Xiu Zhang - MSFTModerator Tuesday, July 10, 2012 6:23 AM
-
Thursday, June 14, 2012 5:37 PM
Hi,
I understand that you can have "search subfolder" when you have full permission, but it will not be available when you have owner permission, is that ture?
Yes - that is correct
We can try to use ExFolder.exe to check the folder level permission
Exchange 2010 SP1 (and later) ExFolders
http://gallery.technet.microsoft.com/Exchange-2010-SP1-ExFolders-e6bfd405
I'll look into using ExFolders now...
By the way, how did you grant user owner permission? I recommend you to grant it from Exchange server side.
Allow Mailbox Access
http://technet.microsoft.com/en-us/library/aa996343.aspx
The end users configure the delegates through their clients only... I don't see any signs in this environment of anyone doing it from the exchange side of things. The only adjustment I was doing on the exchange server side was granting the full access permissions.
-
Friday, June 15, 2012 6:07 AMModerator
Hi,
I recommend you to grant delegation permission from Exchange server side. Also you compare the permission when you configure from outlook and server side.
Xiu Zhang
TechNet Community Support
- Marked As Answer by Xiu Zhang - MSFTModerator Tuesday, July 10, 2012 6:23 AM
.png)
