none
Exchange 2010 Mailboxes - Can't search delegate's subfolders without full access permission?

    Question

  • Has anyone run into this situation?  Might be straightforward but I'm not running into a solution..

    I have two users on an Exchange 2010 server, accessing through Outlook 2010.  One is a delegate of the other's mailbox, and has owner permissions to see all the mail, subfolders, send on their behalf, etc...but when they go to search for an email (control-shift-F, then click on browse, find a folder that has subfolders...and select it), they don't have access to "include subfolders".  It's grayed out.  

    If I go to the main mailbox and grant full mailbox permissions to the other user, they CAN search and "include subfolders" isn't grayed out, all works properly...but obviously is a bit overkill permission-wise.    

    ...question is, what permission would be allowing a delegate to send on behalf, delete, read, list, etc. another person's email, but not letting the search be more than one folder level deep?

    Thanks in advanace

    Pete 

    Friday, June 08, 2012 7:54 PM

Answers

All replies

  • Hi,

    First please try to tick “Enable indexing of online delegate mailboxes”  via the steps below:

    1.Please run gpedit.msc from a command prompt.

    2. Expand Computer Configuration ->Administrator templates->windows components->click “Search”

    3. Double Click on “Enable indexing of online delegate mailboxes” option

    4. Select “Enabled” and click “ok” to close “Local Group Policy Editor”

    5. After that please run “gpupdate /force”

    6. Restart Microsoft Outlook

    Also please add the following registry key to the user computer to enable index in delegate mailboxes.

    Key: HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windows search

    DWORD: EnableIndexingDelegateMailboxes

    Value: 1

    Note: Indexing the contents of delegate mailbox folder. Using this method we can search through the delegate mailbox folders but we have to specify the folder in which one wants to search an Outlook items.

    After that, please rebuild the indexing with ResetSearchIndex.ps1

    How to Rebuild the Full-Text Index Catalog

    http://technet.microsoft.com/en-us/library/aa995966(v=exchg.80).aspx

    Please test the issue via outlook online mode after you have rebuild the indexing.


    Xiu Zhang

    TechNet Community Support

    Monday, June 11, 2012 8:25 AM
  • Question though - This seems more like I'm trying to have the delegate index all of the primary mailbox user's data, along with theirs, which may not be ideal given the mailbox sizes involved.

    Since giving the delegate 'full mailboxes permissions' to the primary mailbox within the EMC allows the delegate to properly search the primary mailbox, without adjusting any of their client settings...wouldn't that indicate a permissions issue within Exchange someplace that wouldn't need client side adjustments?

    In other words, when I change the delegate to full mailbox permissions to the primary user, they can do what they need immediately, without touching any of their indexing settings...to me that would indicate it's not necessarily a requirement to index the data for the involved users...


    Pete

    Monday, June 11, 2012 11:55 AM
  • Hi,

    In Cached Exchange Mode, Outlook uses Windows Search, a component built-in in Windows 7 and Windows Vista. Windows Search performs content indexing and provides search functionality to Outlook. Interfacing with a local content indexing and search service provides Outlook users running in Cached Exchange Mode a more efficient way to search their mailbox. In addition to indexing e-mail in the offline store, Windows Search also indexes other data residing in the file system.


    Xiu Zhang

    TechNet Community Support

    Tuesday, June 12, 2012 6:38 AM
  • HI, that makes sense on why indexing would be useful, but I'm not clear on why it's *required* to enable in my situation, if I can prove I am able to search other user's data without any indexing, based on granting the delegate full mailbox permissions.  Know what I mean?
    Tuesday, June 12, 2012 5:40 PM
  • Hi,

    Full mailbox permission will allow user to have permission to deal with the mailbox. But Exchange search will need depend on indexing, if we do not enable index on the related folder, then we cannot search the related folder.


    Xiu Zhang

    TechNet Community Support

    Wednesday, June 13, 2012 3:13 AM
  • I think you're missing my point- I'm not enabling indexing on the primary mailbox, but the 'search subfolders' option is available immediately when they have full access permission.  The delegate is searching a huge mailbox - it wouldn't be indexing it in seconds, yet I can search anything I like..

    Maybe this will help explain it better:  I CAN set the permissions so the delegate has the option to add the primary user's mailbox to their local index...that works ok...but that is not giving me the option to search a subfolder when I click on a particular folder and say 'search subfolder'...The 'Search Subfolder' option is still grayed out.  Sure, I have the entire index and can search every folder they have, but that's not what I want to search.  If I click on a folder, I don't want to search that folder or ALL folders in outlook..I want to search that particular folder and it's subfolders....an option I can do on the delegate mailbox's own folders, the primary user's mailbox if they have full manage permissions (index or no index), but not when when standard out-of-the-box permissions are in place.

    Wednesday, June 13, 2012 10:44 AM
  • Hi,

    I understand that you can have "search subfolder" when you have full permission, but it will not be available when you have owner permission, is that ture?

    We can try to use ExFolder.exe to check the folder level permission

    Exchange 2010 SP1 (and later) ExFolders

    http://gallery.technet.microsoft.com/Exchange-2010-SP1-ExFolders-e6bfd405

    By the way, how did you grant user owner permission? I recommend you to grant it from Exchange server side.

    Allow Mailbox Access

    http://technet.microsoft.com/en-us/library/aa996343.aspx


    Xiu Zhang

    TechNet Community Support

    Thursday, June 14, 2012 6:54 AM
  • Hi,

    I understand that you can have "search subfolder" when you have full permission, but it will not be available when you have owner permission, is that ture?

    Yes - that is correct

    We can try to use ExFolder.exe to check the folder level permission

    Exchange 2010 SP1 (and later) ExFolders

    http://gallery.technet.microsoft.com/Exchange-2010-SP1-ExFolders-e6bfd405

    I'll look into using ExFolders now...

    By the way, how did you grant user owner permission? I recommend you to grant it from Exchange server side.

    Allow Mailbox Access

    http://technet.microsoft.com/en-us/library/aa996343.aspx

    The end users configure the delegates through their clients only... I don't see any signs in this environment of anyone doing it from the exchange side of things.  The only adjustment I was doing on the exchange server side was granting the full access permissions.


    Thursday, June 14, 2012 5:37 PM
  • Hi,

    I recommend you to grant delegation permission from Exchange server side. Also you compare the permission when you configure from outlook and server side.


    Xiu Zhang

    TechNet Community Support

    Friday, June 15, 2012 6:07 AM