none
Auto mapping other users mailbox in outlook 2010

    Question

  • Not sure if
    this is doable or not. We just migrated to 2010 Exchange SP2 server and all
    users have outlook 2010.

    Some users
    have full access rights to open other users mailboxes. They access these from
    the left hand side bar once we add them (exchange settings --> more settings
    -->advance --> add mailbox). We have to do this manually for every user.
    If they go and sit at a different desk, then we have to go there and add these
    again.

    I was under the impression that once you give a user full access to a mailbox, the mailbox
    shows up automatically in their outlook 2010.

    Is this
    correct? Is there any other way to add these mailbox to outlook without doing manually?<o:p></o:p>

    Thanks


    • Edited by newone88 Tuesday, April 10, 2012 4:49 PM
    Tuesday, April 10, 2012 4:40 PM

Answers

  • So if this all existed prior then it will not automap. 

    You need to use the 2010 tools to assign this permission.  What happens if you remove the FM access via EMC/EMS and then re-add it?


    Cheers, Rhoderick NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    • Marked as answer by newone88 Thursday, April 12, 2012 9:06 PM
    Thursday, April 12, 2012 8:02 PM

All replies

  • The Auto Map was a new Exchange 2010 SP1 feature, and should be functional if you had SP1 and assigned full access in the past.

    if this is not working and you are on SP2, have you checked to see what information is being returned via Autodiscover to the client?  Also it is possible now to disable the automap http://technet.microsoft.com/en-us/library/hh529943.aspx  has that been done at all?


    Cheers, Rhoderick NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Tuesday, April 10, 2012 6:10 PM
  • Sorry, we are on SP1 right now and not SP2. We are planning to upgrade to SP2 tonight.

    How can I check to see what autodiscover returned?

    If I go and add the mailbox manualy, it shows up fine.

    Thanks

    Tuesday, April 10, 2012 7:35 PM
  • http://blogs.technet.com/b/exchange/archive/2007/03/05/3401304.aspx

    All of this information can easily be seen via the Test E-mail AutoConfiguration tool in Outlook 2007 (press CTRL and right-click the Outlook icon in the System tray).

    Take a peek and see what is coming back to the user.


    Cheers, Rhoderick NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Tuesday, April 10, 2012 8:02 PM
  • Thanks. I did the test but I don't see any information regarding the mailboxes that I have rights to
    Tuesday, April 10, 2012 8:25 PM
  • Where did you look?    It will not be on the first tab. 

    Can you share the contents  of the XML tab please?  I'm interested to see what is at the bottom.


    Cheers, Rhoderick NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, April 12, 2012 1:17 AM
  • Hello,

    Yes, it’s the new auto-mapping feature in Exchange 2010. Actually, Outlook tries to check the main user’s attribute “msExchDelegateListLink” in AD to find the shared mailbox. For more details, please see the following link:

    http://www.howexchangeworks.com/2010/09/auto-mapping-mailboxes-with-full-access.html

    Thanks,

    Simon

    Thursday, April 12, 2012 3:14 AM
    Moderator
  • Ok, today this was working fine but was mapping only few folders for some users and non for the others.

    If I add these manualy, then they show up fine and the user has full access to them.

    I will post the XML tab tomorrow.

    Thanks

    Thursday, April 12, 2012 4:29 AM
  • Hello,

    Yes, it’s the new auto-mapping feature in Exchange 2010. Actually, Outlook tries to check the main user’s attribute “msExchDelegateListLink” in AD to find the shared mailbox. For more details, please see the following link:

    http://www.howexchangeworks.com/2010/09/auto-mapping-mailboxes-with-full-access.html

    Thanks,

    Simon

    Just to be clear on the semantics, outlook is not checking that value as mentioned in the 3rd party post.  This is all coming down via autodiscover, and Exchange SP1 CAS is doing the work. Outlook reads the AutoD response and then does connects to the mailbox

    AlternativeMailbox>

    <Type>Archive</Type>

    <DisplayName>Online Archive - The Delegate</DisplayName>

    <LegacyDN>/o=KCE14/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=The Delegate/guid=1aad4a1f-1614-48b1-a2a9-b47812a9d24b</LegacyDN>

    <Server>LAB1-E14-1.KCE14.LAB</Server>

    </AlternativeMailbox>

    </AlternativeMailbox>

    <Type>Delegate</Type>

    <DisplayName>The Manager</DisplayName>

    <LegacyDN>/o=KCE14/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=The Manager</LegacyDN><Server>LAB1-E14-1.KCE14.LAB</Server>

    </AlternativeMailbox>:

    <AlternativeMailbox><Type>Delegate</Type>

    <DisplayName>Online Archive - The Manager</DisplayName>

    <LegacyDN>/o=KCE14/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=The Manager/guid=d4ff3216-e84d-4d65-aa09-64891ef69d8e</LegacyDN>

    <Server>LAB1-E14-1.KCE14.LAB</Server>

    </AlternativeMailbox>


    Cheers, Rhoderick NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, April 12, 2012 1:47 PM
  • here is the XML for one user. This user has full rights to 3 other mailboxes but they are not being auto generated

    <?xml version="1.0" encoding="utf-8"?>
    <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
      <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
        <User>
          <DisplayName>Support One</DisplayName>
          <LegacyDN>/o=COMP/ou=first administrative group/cn=Recipients/cn=sone</LegacyDN>
          <AutoDiscoverSMTPAddress>sone@comp.net</AutoDiscoverSMTPAddress>
          <DeploymentId>a6de9777-a877-4273-af0f-a61d13b5df40</DeploymentId>
        </User>
        <Account>
          <AccountType>email</AccountType>
          <Action>settings</Action>
          <Protocol>
            <Type>EXCH</Type>
            <Server>COMP-EXCHANGE.COMP.local</Server>
            <ServerDN>/o=COMP/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=COMP-EXCHANGE</ServerDN>
            <ServerVersion>738280F7</ServerVersion>
            <MdbDN>/o=COMP/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=COMP-EXCHANGE/cn=Microsoft Private MDB</MdbDN>
            <PublicFolderServer>COMP-EXCHANGE.COMP.local</PublicFolderServer>
            <AD>COMP-dc.COMP.local</AD>
            <ASUrl>https://COMP-exchange.COMP.local/EWS/Exchange.asmx</ASUrl>
            <EwsUrl>https://COMP-exchange.COMP.local/EWS/Exchange.asmx</EwsUrl>
            <EcpUrl>https://COMP-exchange.COMP.local/ecp/</EcpUrl>
            <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
            <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
            <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
            <EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
            <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
            <OOFUrl>https://COMP-exchange.COMP.local/EWS/Exchange.asmx</OOFUrl>
            <UMUrl>https://COMP-exchange.COMP.local/EWS/UM2007Legacy.asmx</UMUrl>
            <OABUrl>Public Folder</OABUrl>
          </Protocol>
          <Protocol>
            <Type>EXPR</Type>
            <Server>webmail.COMP.net</Server>
            <SSL>On</SSL>
            <AuthPackage>Ntlm</AuthPackage>
            <ASUrl>https://COMP.net/ews/exchange.asmx</ASUrl>
            <EwsUrl>https://COMP.net/ews/exchange.asmx</EwsUrl>
            <EcpUrl>https://webmail.COMP.net/ecp/</EcpUrl>
            <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
            <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
            <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
            <EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
            <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
            <OOFUrl>https://COMP.net/ews/exchange.asmx</OOFUrl>
            <UMUrl>https://COMP.net/ews/UM2007Legacy.asmx</UMUrl>
            <OABUrl>Public Folder</OABUrl>
          </Protocol>
          <Protocol>
            <Type>WEB</Type>
            <Internal>
              <OWAUrl AuthenticationMethod="Basic, Fba">https://COMP-exchange.COMP.local/owa/</OWAUrl>
              <Protocol>
                <Type>EXCH</Type>
                <ASUrl>https://COMP-exchange.COMP.local/EWS/Exchange.asmx</ASUrl>
              </Protocol>
            </Internal>
            <External>
              <OWAUrl AuthenticationMethod="Fba">https://webmail.COMP.net/owa/</OWAUrl>
              <Protocol>
                <Type>EXPR</Type>
                <ASUrl>https://COMP.net/ews/exchange.asmx</ASUrl>
              </Protocol>
            </External>
          </Protocol>
        </Account>
      </Response>
    </Autodiscover>

    Thursday, April 12, 2012 2:56 PM
  • Ok -  so we see that the delegate information is not being returned to Outlook.

    Can you show me what this returns:

    Get-MailboxPermission -Identity delegatedmailbox

    Where delegatedmailbox is the mailbox that you expect to show up in Support One's Outlook. 

    Also - can you confirm for me that you used Exchange 2010 SP1 tools to add the Full Mailbox access?  Or was this delegation added before? 

    Also if you are using the add-AD permission cmdlets, then they will not fill in msExchDelegateListLink attribute.  Is that your scenario?

    Use adsiedit to look at the msExchDelegateListLink value - is it populated?



    Cheers, Rhoderick NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, April 12, 2012 3:24 PM
  • Ok, all access rules were there before we migrated from 2003 to 2010.

    I did not use Exchange tools to add full permissions, I just verified them there

    This is what I got. You see that sone has fullaccess

    Identity             User                 AccessRights                                                IsInherited Deny
    --------             ----                 ------------                                                ----------- ----
    COMP.local/COMP/U... NT AUTHORITY\SELF    {FullAccess, SendAs, ReadPermission}                        False       False
    COMP.local/COMP/U... COMP\sone            {FullAccess, DeleteItem, ReadPermission, ChangePermissio... False       False
    COMP.local/COMP/U... COMP\officesupport   {FullAccess, DeleteItem, ReadPermission, ChangePermissio... False       False
    COMP.local/COMP/U... COMP\Domain Admins   {FullAccess}                                                True        True
    COMP.local/COMP/U... COMP\Enterprise A... {FullAccess}                                                True        True
    COMP.local/COMP/U... COMP\Organization... {FullAccess}                                                True        True
    COMP.local/COMP/U... COMP\svc_backup      {FullAccess}                                                True        True
    COMP.local/COMP/U... COMP\administrator   {FullAccess}                                                True        True
    COMP.local/COMP/U... COMP\Exchange Ser... {FullAccess}                                                True        False
    COMP.local/COMP/U... COMP\Exchange Dom... {FullAccess}                                                True        False
    COMP.local/COMP/U... COMP\Organization... {ReadPermission}                                            True        False
    COMP.local/COMP/U... COMP\Public Folde... {ReadPermission}                                            True        False
    COMP.local/COMP/U... COMP\Exchange Dom... {ReadPermission}                                            True        False
    COMP.local/COMP/U... COMP\Exchange Ser... {ReadPermission}                                            True        False
    COMP.local/COMP/U... COMP\SBS Mail Ope... {ReadPermission}                                            True        False
    COMP.local/COMP/U... COMP\Delegated Setup {ReadPermission}                                            True        False
    COMP.local/COMP/U... COMP\Organization... {FullAccess, DeleteItem, ReadPermission, ChangePermissio... True        False
    COMP.local/COMP/U... COMP\Exchange Tru... {FullAccess, DeleteItem, ReadPermission, ChangePermissio... True        False
    COMP.local/COMP/U... COMP\administrator   {FullAccess, DeleteItem, ReadPermission, ChangePermissio... True        False
    COMP.local/COMP/U... COMP\Enterprise A... {FullAccess, DeleteItem, ReadPermission, ChangePermissio... True        False
    COMP.local/COMP/U... COMP\Domain Admins   {FullAccess, DeleteItem, ReadPermission, ChangePermissio... True        False

    Thursday, April 12, 2012 7:56 PM
  • So if this all existed prior then it will not automap. 

    You need to use the 2010 tools to assign this permission.  What happens if you remove the FM access via EMC/EMS and then re-add it?


    Cheers, Rhoderick NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    • Marked as answer by newone88 Thursday, April 12, 2012 9:06 PM
    Thursday, April 12, 2012 8:02 PM
  • I tested that and it works. So I have to go to each user, remove the existing persmissions and add them again...)-:

    This will take a lot of time.

    Thursday, April 12, 2012 8:19 PM
  • I tested that and it works. So I have to go to each user, remove the existing persmissions and add them again...)-:

    This will take a lot of time.

    It would if this were Exchange 2003, but now we have PowerShell to assist !

    I want you to test this in the lab before running in production; but you can take this loop through mailboxes however you choose to remove and then re-add the permission so that you do not do it manually. 

    # Get the Mailbox permissions on this mailbox enabled user.  
    # Only where they are NOT inherited, and confer FullAccess perms.  Save in the variable entitled $FixZeMapping
    $FixZeMapping = Get-MailboxPermission userX |where {$_AccessRights –eq “FullAccess” –and $_IsInherited –eq $false}
    
    # Flush out the permissions selected in step one to clean them out 
    $FixZeMapping | Remove-MailboxPermission
    
    
    # Now add the permissions back in, and since this is done with the Exchange 2010 tools, the msExchDelegateListLink attribute will be set
    # THough this is to be tested before running in production......
    $FixZeMapping | ForEach {Add-MailboxPermission –Identity $_.Identity –User $_.User –AccessRights:FullAccess} 

    You did read the make sure you test it comment?  :) 


    Cheers, Rhoderick NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Friday, April 13, 2012 1:03 PM
  • Legend, that worked for us, was exactly the case, legacy 2003 mailbox needed users to be re-added. Thanks!
    Tuesday, August 07, 2012 3:48 AM
  • Groovy!  Thanks for sharing.

    I should probably pop this onto a blog so it is a bit more searchable :) 


    Cheers,

    Rhoderick

    Microsoft Premier Field Engineer, Exchange

    Blog: http://blogs.technet.com/rmilne  Twitter:     LinkedIn:

    Note: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Tuesday, August 07, 2012 3:52 AM