Sunday, January 8, 2012

Prevent Mailbox AutoMapping

With Exchange 2010 came the great AutoMapping feature. With it, administrators could grant users full access to mailboxes and these would automatically appear in the user’s Outlook without the need to add them manually.

As you might know, this is done by using an Active Directory attribute on the user’s mailbox called msExchDelegateListLink that contains a list of Distinguished Names of mailboxes the user has full access to and should auto-mount in Outlook.

However, in cases where administrators have access to dozens, hundreds or thousands of mailboxes, this is not ideal... You can give permissions and then manually edit msExchDelegateListLink to remove the mailbox from the list or create a script to do this automatically, but with Exchange 2010 SP2 comes an easier way to achieve this.

By using the Add-MailboxPermission cmdlet, you now have the -AutoMapping parameter available, which lets you specify whether the mailbox should auto-mount or not!
Add-MailboxPermission "mailbox" -User "user" -AccessRights FullAccess -AutoMapping $False
Hope this helps!

6 comments:

  1. Hi Nuno,

    Do you know if there is a way to do this across the entire domain or at Database Level?

  2. Hi! What exactly are you trying to achieve? This only works when you assign permissions, so I don't understand what you are looking for...
    Do you have users with permissions already assigned and the mailbox(es) already mapped and you want to remove the mapping but leave the permissions?

  3. I have users which are being migrated from an earlier version of Exchange to Exchange 2010 SP2, if they have Full Mailbox Access, and are using Outlook 2010 SP1 as a Client they then Auto-Map the mailboxes - in some cases this temporarily leads to duplicated mailboxes appearing in their view.

    Therefore I'm looking for a way, other than to go through, remove the full mailbox permission, and then re-add full mailbox permission using the -AutoMapping $False to prevent migrated accounts Automapping mailboxes.....any thoughts?

    Thanks in advance.

  4. My understanding from the migrations I have done and from Microsoft’s documentation is that AutoMapping only works when you assign permissions on a mailbox that is already on 2010, so I am not sure why you are seeing duplicate mailboxes in Outlook.

    Are you migrating the mailboxes manually or through a script? If you are using a script, you could remove the permissions, migrate the mailbox and then assign the permissions again with AutoMapping set to $False.

    The only way I can think of is through removing and re-assigning the permissions to your Exchange 2010 users... This can easily be done with something like this (for 1 particular user):
    $RemoveAutoMapping = Get-MailboxPermission "user" | ? {$_.AccessRights -eq "FullAccess" -and $_.IsInherited -eq $False}
    $RemoveAutoMapping | Remove-MailboxPermission
    $RemoveAutoMapping | ForEach {Add-MailboxPermission $_.Identity -User $_.User -AccessRights:FullAccess -AutoMapping $False}

    Does this help?

  5. Yes a great deal, thanks Nuno

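
The remove-and-re-add approach from comment 4, applied to every mailbox in one database (the database-level case asked about in comment 1). This is an added example, not code from the post or its author, and it goes beyond the single-mailbox snippet. It assumes the Exchange Management Shell on Exchange 2010 SP2 or later; the function name Reset-FullAccessWithoutAutoMapping and the database name DB01 are placeholders.

```powershell
# Added example (not from the original post). Run in the Exchange Management
# Shell on Exchange 2010 SP2 or later. 'DB01' is a placeholder database name and
# Reset-FullAccessWithoutAutoMapping is a hypothetical helper name.
function Reset-FullAccessWithoutAutoMapping {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Database
    )

    # The foreach statement collects all mailboxes before the loop body runs,
    # so no Exchange cmdlet is called while another pipeline is still open.
    foreach ($mailbox in Get-Mailbox -Database $Database -ResultSize Unlimited) {
        # Explicit Allow FullAccess entries only: inherited ACEs, Deny ACEs and
        # the mailbox owner's own SELF entry are left alone.
        $grants = @(Get-MailboxPermission -Identity $mailbox.Identity | Where-Object {
            ($_.AccessRights -like '*FullAccess*') -and
            -not $_.IsInherited -and
            -not $_.Deny -and
            $_.User -notlike 'NT AUTHORITY\*'
        })

        foreach ($grant in $grants) {
            $target = "$($mailbox.Identity) -> $($grant.User)"
            if ($PSCmdlet.ShouldProcess($target, 'Re-grant FullAccess with AutoMapping off')) {
                Remove-MailboxPermission -Identity $mailbox.Identity -User $grant.User `
                    -AccessRights FullAccess -Confirm:$false
                Add-MailboxPermission -Identity $mailbox.Identity -User $grant.User `
                    -AccessRights FullAccess -AutoMapping $false | Out-Null
            }
            # Emit one record per grant so the run doubles as an access review.
            New-Object PSObject -Property @{
                Mailbox = $mailbox.Identity.ToString()
                User    = $grant.User.ToString()
            }
        }
    }
}

# Dry run first: lists every grant that would be rewritten, changes nothing.
Reset-FullAccessWithoutAutoMapping -Database 'DB01' -WhatIf
```

The emitted Mailbox/User records can be piped to Export-Csv to keep a record of who holds explicit FullAccess before any change is made.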