Exchange 2007 and Shared Mailboxes

    In many environments it might come in handy to create a “Shared Mailbox”, this would be a mailbox that does not have an “active” user associated with this.  Exchange 2007 lets you create a shared mailbox, that created and then disabled an active directory account.  This creates the mailbox without the pesky problem of having an active account with access to the domain.  This can cause problems when one of the users leave, and now there’s an account you either have to change the password on, or roll the dice and hope they don’t use it to cause problems.

    One of the problems I have with creating a shared mailbox, is that you have to do it through the Exchange PowerShell program and not have an easy GUI interface in the management Console.  In the powershell command, you simply “-Shared” option while creating the mailbox using the New-Mailbox cmdlet.

[PS] C:\>New-Mailbox -Name:'Help Desk' -OrganizationalUnit:'Domain.com/MIS' -Database:'Mailbox Database' -UserPrincipalName:'helpdesk@yourdomain.com' -Shared

This will create a disabled user account called Help Desk will be created in the ‘MIS’ OU with an attached mailbox. Since the user account is disabled by default, there was no password required.  Please make sure you change the ‘Domain.com/MIS’ to a valid OU in your domain.

Now  sometimes when a user leaves your company and they were the calendar keeper, you may want to make their account the shared mailbox, the Set-Mailbox cmdlet command and the -Type parameter will let you do this:

[PS] C:\>Set-Mailbox helpdesk -Type:Shared

You can reverse this process by using the the -Type:Regular option.

[PS] C:\>Set-Mailbox helpdesk -Type:Regular

Now that our shared account has been created, we now need to grant access to this newly created shared mailbox.  For ease of use, I generally recommend that you create an Active Directory group that you want to give access to the shared mailbox.  Also as another suggestion I recommend calling it something that is easy to identify.  Once the group is created you can use the following command to give them access to the shared mailbox:

[PS] C:\>Add-MailboxPermission helpdesk -User:'HelpDesk Shared Mailbox Permissions Group' -AccessRights:FullAccess

Now your users have full permission to the mailbox and you only need to give “Send As” permissions in AD to the users that need it.  Now you can use on the following methods on the users computers to let them actually see the shared mailbox.  All the steps above give them permission to see it, but do not cause the mailbox to show in outlook, you need to do one of the following:

Add it as an additional mailbox within Outlook. The mailbox can be added on the advanced tab of your Exchange mailbox account settings.

OR

You can configure a separate Outlook profile for opening the shared mailbox.

No tags for this post.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.