Exchange Server 2007 introduces many new and really well defined recipient types. One of them is the one my customer asked me about. The process to create a Shared Mailbox will create a disable Active Directory user as there is no point to have it - that is not the purpose of this recipient. On the old and still actual days of Exchange Server 2003 or older, when we created a Shared Mailbox we basically created an Active Directory account with an associated mailbox and those credentials would be shared within who needed to use it. What is the issue here? Security! Was never a good idea to more than one individual login with same credentials. Control on it would be inexistent.
So in Exchange Server 2007 what we have is a mailbox with a disabled user and in a way we can give access to users or distributions lists we just add the proper permissions to the mailbox and it is done.
First of all we need to create our Shared Mailbox and to do that we need to use the Exchange Management Shell!
[PS] C:\>New-Mailbox -Name "mailbox" -Database "database" -UserPrincipalName firstname.lastname@example.org -Shared
At this stage we have our mailbox created and our active directory user disabled...
However now we need to give the right permissions...
Let's start by giving instructions to the shared mailbox that a few users should have Full Access on it, otherwise won't work. Advice here is do this to a Security Group more than to individual users by the same reasons referred above. Let's do it then to the users on the Sales Team!
[PS] C:\>Add-MailboxPermission "mailbox" -User "user" -Access Rights FullAccess
Almost done but a couple more things to do. At this stage the users on the Sales Team can access totally the mailbox however they still can't send e-mails from the shared mailbox. To do that we need to give them some permissions in Active Directory side...
[PS] C:\>Add-ADPermission "mailbox" -User "user" -ExtendedRights Send-As
At this stage the Sales Users are GOD within the Sales Team Shared Mailbox.
With Exchange Server 2007 Service Pack 1 we can actually setup the Full Access and Send As permissions. Basically we just right click on the Shared Mailbox and add the recipients to the desired permission or just select the account, and on the right hand side of the console you will see the same options.
And that's it!
Posted by Pedro Alves
Posted: Monday, February 23, 2009 11:19 AM by msukucc