none
Exchange 2010 automapping field population

    Question

  • Hi,

    We have migrated from Exchange 2003 to 2010 last year and we are still using OL2003. We are preparing the upgrade to Office 2010 and we have noticed the new functionality in OL2010 for full mailbox access rights, automapping. Most of our users have delegated to which their rights were assigned through EMC as full mailbox access. Unfortunately, these rights were assigned prior to us migrating to 2010 and I believe that preparing the ad schema for Exchange 2010 has modified the ad fields to include the new "automapping" one. As such, this leaves us with a lot of users for which this field is currently empty.

    We have found the following script on the net which was originally designed to "disable" the automapping feature. We would like to use the same script, with modifications, to enable the automapping feature based on the assumptions that "full mailbox rights" was assigned to user A on user B mailbox.

    $FixAutoMapping = Get-MailboxPermission sharedmailbox |where {$_AccessRights -eq "FullAccess" -and $_IsInherited -eq $false}

    $FixAutoMapping | Remove-MailboxPermission

    $FixAutoMapping | ForEach {Add-MailboxPermission -Identity $_.Identity -User $_.User -AccessRights:FullAccess -AutoMapping $true}

    The modification we have made so far to the script was in the last line where the "...-AutoMapping $False" was changed to true.

    Can someone please confirm that this script will in fact look at every mailbox and for the ones who had "full mailbox rights" added, will populate the "automapping" field accordingly? Also, since we do not have a test environment yet (we are also working on this), how could I modify the script to run on a selected mailbox? This would allow me to confirm that the script is working as expected before running it on all mailboxes.

    Again, I am very grateful to everyone who will provide any input. I can't wait to have enough experience to be able to share and help others.

    Thanks!!


    Francois S. at FMD


    • Edited by FrancoisFMD Wednesday, February 15, 2012 2:32 PM
    Wednesday, February 15, 2012 2:30 PM

All replies

  • Most of our users have delegated to which their rights were assigned through EMC as full mailbox access. Unfortunately, these rights were assigned prior to us migrating to 2010 and I believe that preparing the ad schema for Exchange 2010 has modified the ad fields to include the new "automapping" one. As such, this leaves us with a lot of users for which this field is currently empty.

    Hi Francois,

    Yes, in Exchange 2010 SP2, the automapping feature is controlled by msExchDelegateListLink attribute in Active Directory.

    And if you move mailbox from Exchange 2003 to Exchange 2010, this attribute field will still be blank.

    I test a single mailbox in my lab, after running the cmdlet

    Add-MailboxPermission -Identity $_.Identity -User $_.User -AccessRights:FullAccess -AutoMapping $true

    The msExchDelegateListLink attribue is filled and the automapping works.

    Also suggest you run the cmdlet with a single mailbox first.


    Frank Wang

    TechNet Community Support

    Friday, February 17, 2012 7:08 AM
  • Hi Francois,

    Any updates?


    Frank Wang

    TechNet Community Support

    Monday, February 20, 2012 2:05 AM
  • Hi Mark,

    I have tried testing this script on a single user mailbox but it seems I have something wrong in my test script. Here is what I used:

    get-mailbox -identity myalias | Add-MailboxPermission -Identity $_.Identity -User $_.User -AccessRights:FullAccess -AutoMapping $true

    Can you tell me where I went wrong?

    Thanks

    François


    Francois S. at FMD

    Monday, February 20, 2012 2:26 PM
  • Hi Francois,

    What's the error message when you run the cmdlet?

    Please try this one:

     

    get-mailbox -identity myalias | Add-MailboxPermission -Identity $_.Identity -User "User name" AccessRights:FullAccess -AutoMapping $true


    Frank Wang

    TechNet Community Support

    Tuesday, February 21, 2012 3:29 AM
  • Hi Mark,

    This is the error I am getting when running the script I supplied:

    Cannot bind argument to parameter 'Identity' because it is null.
        + CategoryInfo          : InvalidData: (:) [Add-MailboxPermission], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Add-MailboxPermission

    Regarding the script you asked me to try,

    get-mailbox -identity myalias | Add-MailboxPermission -User "User name" AccessRights:FullAccess -AutoMapping $true

    I may be wrong but the second part makes me assume that this cmdlet would be assigning full access rights to the "identity name" mailbox. Based on these premises, I don't know what you want me to indicate in the -user variable.

    As I mentioned, all my mailboxes already have full access rights assigned. All I need is for the msExchDelegateListLink field to be populated based on the assigned full access rights.

    Thanks


    Francois S. at FMD

    Tuesday, February 21, 2012 1:55 PM
  • Hi everyone,

    I am still having issues with the script I wish to use to fix the msExchDelegateListLink field in AD. As I mentioned earlier, most of our users have full access rights to their delegated mailbox which in most cases where attributed while our Exchange environment was 2003 and this field did not exist. So I search the net and found this script which originally was created to fix the msExchDelegateListLink to not automatically map the delegated mailbox. So all I did was change the value from "false" to "true" in the last line of the script.

    $FixAutoMapping = Get-MailboxPermission aliasname | where {$_AccessRights -eq "FullAccess" -and $_IsInherited -eq $false}
    $FixAutoMapping | Remove-MailboxPermission
    $FixAutoMapping | ForEach {Add-MailboxPermission -Identity $_.Identity -User $_.User -AccessRights:FullAccess -AutoMapping $true}

    When I run this script, I get the following error message.

    Cannot bind argument to parameter 'Instance' because it is null.
        + CategoryInfo          : InvalidData: (:) [Remove-MailboxPermission], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Remove-MailboxPermission

    Cannot bind argument to parameter 'Identity' because it is null.
        + CategoryInfo          : InvalidData: (:) [Add-MailboxPermission], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Add-MailboxPermission

    Somehow I can see why its not working but unfortunately my knowledge of Powershell is limited.

    Thank you!

    François


    Francois S. at FMD

    Friday, February 24, 2012 2:15 PM
  • Can anyone help me with this problem. We have started our pilot testing and will be starting training and migration of all users soon and I would really like to avoid having to go through all mailbox to reassign the full rights permission.

    Thanks.


    Francois S. at FMD

    Friday, March 23, 2012 12:28 PM
  • Here is a site that has a explanation of how to accomplish this. SymTec How to disable Auto-Mapping with full access permissions
    Friday, June 29, 2012 3:00 PM
  • Hello Francois,

    Just test the same script found on technet (http://technet.microsoft.com/en-us/library/hh529943.aspx) and the issue is : missing "." in the line $FixAutoMapping = Get-MailboxPermission aliasname | where {$_AccessRights -eq "FullAccess" -and $_IsInherited -eq $false}

    $_AccessRights=> fail

    $_.AccessRights => ok

    Same problem for $_IsInherited

    Thursday, August 23, 2012 9:28 AM