Auto Mapping Mailboxes With Full Access (Shared) In Outlook 2010 Using Exchange 2010 SP1…

Share & Comment

A new client side feature which Microsoft has released in Exchange 2010 SP1 is the ability of Outlook 2010 to automatically map all mailboxes to which the logged in user has full access. Think of the shared mailbox scenario. I can see the benefits already, no more helpdesk calls asking to map mailboxes! All the end user (who uses Outlook 2010) needs to do is to close and open Outlook again.

Let me explain the feature based on my lab environment. I am logging into Outlook 2010 using the Administrator account and all I have is the admin mailbox alone.

Mailbox Before Automapping

I am giving Administrator account full access to Chakka’s mailbox using the console. You can achieve the same using the shell as well. Below screenshots confirm my action.

Give full access

Full access to admin mailbox

Full access confirmation

Once I have the permissions set on the server side, I restart my Outlook & boom! I have Chakka’s mailbox mapped in Outlook automatically.

Auto mailbox mapping in Exchange 2010 SP1

Just to be clear, this DOES NOT happen in OWA 2010 SP1.

No auto-mapping in OWA 2010 SP1

If you check “Account Settings –> More Settings –> Advanced”, Chakka’s mailbox is not listed in the option (where the helpdesk normally maps the account).

More Settings In Outlook 2010

A normal question at this stage is, “how does this work then?”. When full access to a mailbox is granted, Exchange updates an AD attribute on the mailbox on which the access is applied (Chakka’s mailbox in our case). The attribute is “msExchDelegateListLink”.

msExchDelegateListLink

The attribute takes multiple values in the form of CN of the user who has full access.

Admin CN in attribute editor

When you launch Outlook 2010, it searches for mailboxes that have the user’s mailbox DN listed in msExchDelegateListLink attribute and displays them below the user’s primary mailbox.

Points to note:

  • This feature only work with Outlook 2010 & Exchange 2010 SP1 combination
  • The permission has to be applied once both the mailboxes are in 2010 SP1.
  • Moving shared mailboxes from 2010 to SP1 or upgrading Exchange 2010 to SP1 doesn’t add this feature automatically. The existing permissions will have to be removed using EMC or shell & reapplied.

A welcome feature indeed & it will reduce the helpdesk calls for sure!

Share & Comment
Subscribe for Updates
Never miss a blog post again

26 comments… add one

  1. Anonymous

    Can this work with groups? That would automate a lot…

  2. I don't think so, as "msExchDelegateListLink" attribute is not present in a group. I haven't tested it though.

  3. Anonymous

    Kind of annoying you have to unset and then reset this value to get it to work. (If you had already set Full permissions up prior to SP1)

  4. I agree. I haven't tried this, but if you manually populate the value of "msExchDelegateListLink" attribute with users who have full access, it should work.

    But again, it is a manual job.

  5. You can also use scripting (powershell) to copy the existing permissions on a given mailbox, remove and then add it.

  6. Anonymous

    Looks like if you remove Full Access permission from a mailbox, it doesn't remove the attribute – so the mailbox will still be mapped in user's Outlook. You have to manually delete the attribute… kinda pain if you ask me… This feature would be nice, if it would actually work automatically once you take out permissions.

  7. I noticed that as well Anonymous. MS should be fixing this soon, I would think.

  8. I also noticed that if cached exchange mode is enabled and you have full access permission to someone with a very large mailbox, your ost file grows. I went from 500 MB to 7.7 GB before I realized this was happening.

  9. I had temporarily given myself full access on a couple of mailboxes and noticed they were showing up in my Outlook client…. I couldn't get rid of them no matter what I did. I'd remove them from the area where you used to have to add them (Open these additional mailboxes on the Advanced tab) and they'd just come right back. It was driving me crazy! I even went into Exchange Management console and made sure I was removed from Full Access. Didn't matter, the darned mailboxes kept showing up. It wouldn't have been so bad, but they were also showing up as additional Contact folders and additional calendars.

    Finally, after some quality time with Google, I came across this post that explained how Outlook determined which mailboxes to automatically open… I took a chance and went to check out the msExchDelegateListLink attribute, and there I was. I removed myself, waited for it to replicate, and restarted Outlook.

    Finally! The mailboxes stopped opening themselves.

    I can see this being beneficial in some cases, but in others it's a real pain in the rump.

  10. Hi Jake,

    You are right. The msExchDelegateListLink attribute is what Outlook queries for. But at this time, removing a mailbox permission doesn't automatically update this attribute (remove the value). It has to be done manually for the timebeing.

    Hopefully there should be a fix soon. Thanks for sharing your experience.

  11. Anonymous

    great if just opening a single mailbox, but when they grant full access to like 10 mailboxes…let the pain begin.

  12. Anonymous

    Great feature… but not in my case. How do I disable this annoying thing?

  13. There is no global on/off parameter for this. Easiest is to delete the values in msExchDelegateListLink using ADSIEdit. If you have too many users, use ADModify.NET

  14. Renato

    question… "When you launch Outlook 2010, it searches for mailboxes that have the user's mailbox DN listed in msExchDelegateListLink attribute and displays them below the user's primary mailbox." What if I don't have a primary mailbox on the account I launch Outlook with? My testing shows that it doesn't list the shared mailboxes that I have access to (we're talking about a separate Administrator account). I do NOT want it to automatically map all mailboxes to which the logged in user has full access, but there's concern that eventually it will (once fully migrated to Exchange 2010). Thanks! R

  15. Hi Renato,

    If you don't want to automatically map mailboxes, there are scripts available to create a new mailbox that way.

    Moving to 2010 won't map automatically, only if you give permissions once on 2010.

    Thanks,

  16. Anonymous

    Thanks Rajith – I'm aware of the disabling scripts, but for an admin account on which you want to give manage rights globally, I haven't found them (only for "one mailbox at a time") – and this would be for an entire department (separate admin accounts, none with mailboxes) and for all mailboxes, current and in the future.

    Again – just curious. And thanks!

    And it's "Robert" – not sure how "Renato" came about… ;)

  17. Hi Robert,

    There are no global settings yet to disable it. Maybe a future rollup will bring it. Depends on the feedback MS gets.

    Thanks,

  18. Anonymous

    Rajith,

    You just explained the conendrum I have beeing dealing with for the last 24 hours! This feature does seem useful but not for what I am trying to do…

    We purchased 2010 for my client becuase he has 3 different Exchange accounts (for 3 different domains) before for Outlook 2007 we would grant full permission and send permission and he would have to type in the From field where he wanted to send from.

    Now that he got 2010 it allows you to attach multiple exchange mailboxes seperatly which allows you to have a Drop Down in the FROM to select where to send from.

    Of course when I do this it adds 2 mailboxes one from the DelegateList and then the one I add as a seperate OST!

    Would the only solution be to remove the attributes so it does not auto map?

  19. GP

    Is there any setting that automapped mailbox would be setup as not in cached mode (but the primary mailbox is setup as cached)?

    1. Rajith Enchiparambil

      Bit more info GP.

      You need the primary mailbox to be in cached mode? Isn’t that the case by default?

      Thanks.

  20. anonymous

    http://technet.microsoft.com/en-us/library/hh529943.aspx for outlook auto-mapping desactivation

  21. Thomas

    Excellent information, especially with the AD attributes. Note that a restart of Outlook is not required – Outlook 2010 and 2007 periodically update this information while running. What is not clear is how frequent that update is and if there is any way to manually force an update without restarting.

    I might point out that from my experience, restarting Outlook does not automatically map the drive – there is still a significant delay time before the mailbox maps. I suspect this is either related to the size of our Exchange environment, or that Outlook only updates at a specified *time* based on the system clock.

    1. Rajith Jose Enchiparambil

      Thanks Thomas.

      Maybe the AD replication delay is coming into play as well.

  22. Regina Schnabl

    How does it work with Exchange Server 2013???

    1. There shouldn’t be any difference Regina.

Leave a Comment