How to get new mail notification for shared mailboxes in Outlook 2010

    General discussion

  • Now, this is a common problem for all who are using shared Exchange 2010 mailboxes with Outlook 2010, and possibly other combinations as well; I have not tested this with Outlook 2007 or Exchange 2007.

    The problem is that if you are given access to a shared mailbox, whenever there is a new email, you don't get the same notification when a new email arrives, as you do in your primary email account in Outlook.

    According to Microsoft, this is by design. And there is no way to control it, even if you add special rules to Outlook to display email alerts, it simply does not show up on incoming email. 

    Here is a possible solution for this. Be aware that this is maybe not suitable for your environment, but it works though.

    The standard way (and officially supported):
    The Exchange admin has to give you full mailbox access to the shared mailbox with EMC or PowerShell commands. In Exchange 2010 SP1, there is an auto-mapping feature that automatically adds the shared mailbox to Outlook when you start Outlook. So there is no longer any need for the end user to manually add the mailbox, as before.
    Great, the only problem is that you will never receive email alerts or notifications when a new email arrives in the shared mailbox.

    The other way (and not officially supported):

    Instead of giving the end user full access in Exchange EMC or PowerShell, give the user the account information (email address + username) and password for the shared mailbox. In Outlook 2010, go to File -> Account settings and click New... to create a new Exchange account. In Outlook 2007 it was not supported to have more than one Exchange account, but in Outlook 2010 this is supported. It should take only a few seconds and then the new shared mailbox is ready. Restart Outlook. The first time the user logs in, the user will be asked to enter credentials for the shared mailbox. Enter them in the form DOMAIN\username + password. After that the user will not be asked for credentials again. That is, if you set the account for the shared mailbox to "Password never expires" in AD. If you don't set that property, the user will be asked again for credentials after some time each time Outlook is started.

    What about security?
    First of all, this is a little dirty trick in order to get the email notification. At first you might think it's a bad idea to give the password for the shared mailbox to several users in your AD. Not really if you ask me, they will have full access to the mailbox anyway if you give them "Full Access" permission in Exchange. Secondly, if you restrict the account to deny login to workstations and servers, then there is no simple way to exploit the account. If you also set "Password never expires" and "User cannot change password", there is no way the users can change the password and they also will not get prompted for the password again. If you are a little paranoid, you can enter the password yourself for the user the first time after the account is added to Outlook, so the users will never know the password.

    I would like to know if anyone else has some comments about this. 

    Friday, May 11, 2012 1:55 PM

All replies

  • It is always a bad idea to share credentials between multiple users. Why not simply leave the Full Access permissions but disable the auto-mapping for the shared account? This requires Exchange 2010 SP2 and changing the permissions via the EMS but can also be achieved via ADSI Edit with Exchange 2010 SP1.

    Funny enough, I wrote an article on that yesterday discussing a similar issue ;-)
    http://www.msoutlook.info/question/673

    Other solutions/workarounds can be found here; http://www.msoutlook.info/question/585



    Robert Sparnaaij [MVP-Outlook]
    Outlook guides and more: HowTo-Outlook.com
    Outlook Quick Tips: MSOutlook.info

    Friday, May 11, 2012 2:17 PM
  • Yes, I know it's a bad idea to share credentials, but in small shops I don't see any big problems as long as the user is restricted in AD to log in onto maybe a DC; in that case a normal user doesn't have the right to log on to a DC, thereby locking the account from logging into any server. Maybe not perfect in a juridical setting, but again, not all countries are as strict as the US and require lawyers to review every new configuration change... :) (just kidding here)

    Interesting reading, and I saw on http://www.msoutlook.info/question/585 that you also gave advice to add extra Exchange accounts in Outlook, just as I suggested too. Now you were writing about a mailbox where the user has access to another user's mailbox, or delegated access, and then it would be fine.

    I don't think disabling automapping would work regarding notifications, as it seems that Outlook only gives new mail notifications to separate Exchange accounts that are listed in Outlook Account settings, and not additional mailboxes the user has access to, regardless of whether automapping is active or automapping is disabled and the user adds the mailbox manually to the existing Exchange account (Advanced - Open additional mailbox).

    Friday, May 11, 2012 2:48 PM
  • I don't think disabling automapping would work regarding notifications, as it seems that Outlook only gives new mail notifications to separate Exchange accounts that are listed in Outlook Account settings, and not additional mailboxes the user has access to, regardless of whether automapping is active or automapping is disabled and the user adds the mailbox manually to the existing Exchange account (Advanced - Open additional mailbox).

    You misunderstood that; instead of revoking the Full Access permissions (to prevent auto-mapping) and sharing the credentials for the mailbox with the users so that they can add it as a separate mailbox, you can just remove the auto-mapping property for the mailbox (and leave the Full Access permissions for the users) so that they can use their own credentials. You'd then have the recommended security settings and the notifications :-)


    Robert Sparnaaij [MVP-Outlook]
    Outlook guides and more: HowTo-Outlook.com
    Outlook Quick Tips: MSOutlook.info

    Friday, May 11, 2012 3:37 PM
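
Added example, not part of any reply in this thread and not taken from the linked articles: one way to carry out what Robert Sparnaaij's two replies describe (keep Full Access, drop auto-mapping, no shared password) from the Exchange Management Shell on Exchange 2010 SP2. The mailbox identity `shared-support` and the backup file name are placeholders chosen for this sketch.

```powershell
# Added example: re-grant Full Access on a shared mailbox with auto-mapping
# turned off, so each user can add it as a separate Exchange account with
# their own credentials. Requires Exchange 2010 SP2 (the -AutoMapping parameter).

$SharedMailbox = 'shared-support'                 # placeholder mailbox identity
$BackupFile    = '.\shared-support-acl-before.csv' # placeholder backup path

# Explicit (non-inherited) allow entries with Full Access, skipping built-in
# principals such as NT AUTHORITY\SELF.
$entries = Get-MailboxPermission -Identity $SharedMailbox |
    Where-Object {
        ($_.AccessRights -like '*FullAccess*') -and
        ($_.IsInherited -eq $false) -and
        ($_.Deny -eq $false) -and
        ($_.User -notlike 'NT AUTHORITY\*')
    }

if (-not $entries) {
    Write-Warning "No explicit Full Access entries found on $SharedMailbox."
    return
}

# Keep a record of the permissions as they were before the change.
$entries |
    Select-Object Identity, User, @{ n = 'AccessRights'; e = { $_.AccessRights -join ',' } } |
    Export-Csv -Path $BackupFile -NoTypeInformation

foreach ($entry in $entries) {
    $user = $entry.User.ToString()

    # Removing the entry clears the existing auto-mapping link for this user;
    # re-adding with -AutoMapping $false grants the same access without it.
    Remove-MailboxPermission -Identity $SharedMailbox -User $user `
        -AccessRights FullAccess -InheritanceType All -Confirm:$false
    Add-MailboxPermission -Identity $SharedMailbox -User $user `
        -AccessRights FullAccess -InheritanceType All -AutoMapping $false
}

# Review the result: the same users should still hold Full Access.
Get-MailboxPermission -Identity $SharedMailbox |
    Where-Object { $_.IsInherited -eq $false } |
    Format-Table User, AccessRights, Deny -AutoSize
```
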
  • Another way to accomplish both things, without having to tweak the auto-mapping, is to add the users to a group and give Full Access permissions to the group. That way the auto-mapping still happens when needed, but you can add the second (or more) Exchange account to Outlook 2010 as another main account without sharing passwords. This saves from having to change the default behavior of Exchange and Outlook 2010.


    Friday, September 14, 2012 6:03 AM