locked
Converting user mailboxes to room mailboxes RRS feed

  • Question

  • We have several users who never logon to our network but simply access their mailboxes through a client device or OWA. These user do not need an interactive user account.

    What is the easyest way of converting user mailboxes to room mailboxes?

    Will the user lose OWA or any other functionality (in the context of being an external user)?

    Does anyone have a good link that shows how best to convert mailboxes?

    Thanks


    Marco S

    Wednesday, December 5, 2012 2:40 PM

Answers

  • Hi Macro,

    If you convert the mailboxes to resource mailbox, the mailbox access won't work as the account is disabled. So you should have an active directory account as you have now, to operate a mailbox in any way


    Regards from ExchangeOnline

    • Marked as answer by Mark-199 Thursday, December 6, 2012 9:55 AM
    • Unmarked as answer by Mark-199 Thursday, December 6, 2012 9:55 AM
    • Marked as answer by Mark-199 Friday, December 7, 2012 2:29 PM
    Wednesday, December 5, 2012 4:22 PM
  • You could potentially put the user(s) into their own OU with a special OU to restrict the account.  One of the suggestions I found was to have the user locked out if they try to log in.  I believe this setting would be set here:

    [ Policy/Computer Configuration/Windows Settings/Security Settings/Account Policies/Account Lockout Policy]

    You can also restrict what computers the user can logon to to further enhance this.  This setting is under the user account properties, Account tab - "Log On To"


    JAUCG - Please remeber to mark replies as helpful if they were or as answered if I provided a solution.

    Thursday, December 6, 2012 1:58 PM

All replies

  • Marco,

    The best way to convert a mailbox is to use - http://technet.microsoft.com/en-us/library/bb201749(v=exchg.80).aspx - as a reference.   Sample command from that link  "Set-Mailbox User01 -Type Room"

    As to whether or not you should convert the mailbox, I would not convert it to a room mailbox because the account is disabled and the password is automatically reset by Exchange.  See here:

    http://exchangeserverpro.com/exchange-server-2010-room-mailboxes-step-by-step-guide


    JAUCG - Please remeber to mark replies as helpful if they were.

    • Marked as answer by Mark-199 Thursday, December 6, 2012 9:55 AM
    • Unmarked as answer by Mark-199 Thursday, December 6, 2012 9:55 AM
    Wednesday, December 5, 2012 3:59 PM
  • Hi Macro,

    If you convert the mailboxes to resource mailbox, the mailbox access won't work as the account is disabled. So you should have an active directory account as you have now, to operate a mailbox in any way


    Regards from ExchangeOnline

    • Marked as answer by Mark-199 Thursday, December 6, 2012 9:55 AM
    • Unmarked as answer by Mark-199 Thursday, December 6, 2012 9:55 AM
    • Marked as answer by Mark-199 Friday, December 7, 2012 2:29 PM
    Wednesday, December 5, 2012 4:22 PM
  • Hi Marco,

    Any updates?


    Frank Wang
    TechNet Community Support

    Thursday, December 6, 2012 8:55 AM
  • Thanks for your replies.

    If I can't use the room mailbox as a functioning user mailbox, what is best practice configuration of an AD user account if the user never needs to logon to the network.
    Obviously, I would disable remote access but should I modify any other settings such as the attributes?


    Marco S

    Thursday, December 6, 2012 11:06 AM
  • You could potentially put the user(s) into their own OU with a special OU to restrict the account.  One of the suggestions I found was to have the user locked out if they try to log in.  I believe this setting would be set here:

    [ Policy/Computer Configuration/Windows Settings/Security Settings/Account Policies/Account Lockout Policy]

    You can also restrict what computers the user can logon to to further enhance this.  This setting is under the user account properties, Account tab - "Log On To"


    JAUCG - Please remeber to mark replies as helpful if they were or as answered if I provided a solution.

    Thursday, December 6, 2012 1:58 PM
  • Obviously, I would disable remote access but should I modify any other settings such as the attributes?

    Hi Marco,

    If you also want to disable owa external access for these users, you can restrict it via TMG/ISA if you have one.

    For detailed information, please see:

    How to Block OWA for External Users

    http://blogs.technet.com/b/messaging_with_communications/archive/2011/05/02/how-to-block-owa-for-external-users.aspx


    Frank Wang
    TechNet Community Support

    Friday, December 7, 2012 2:37 AM
  • I've just setup a room mailbox, enabled its account in AD and now I am able to use it for OWA, to logon to workstations etc... I thought that I wouldn't be able to do that with a room mailbox and account.

    Anyway, I will follow your advice and setup a normal mailbox with user and then restrict it using GP, disable certain settings etc


    Marco S

    Friday, December 7, 2012 2:33 PM