Creating Shared Mailboxes
The Exchange Management Console does not give the option for creating a shared mailbox in the new mailbox wizard. To create shared mailboxes you must use PowerShell.
To create a shared mailbox you simply add the "-Shared" option while creating the mailbox using the New-Mailbox cmdlet.
[PS] C:\>New-Mailbox -Name:'Help Desk' -OrganizationalUnit:'Domain.com/Exchange Resources' -Database:'Mailbox Database' -UserPrincipalName:'helpdesk@domain.com' -Shared
In this sample, a disabled user account will be created in the 'Exchange Resources' organizational unit with an attached mailbox. Since the user account is disabled by default no initial password was required.
If desired, existing mailboxes can be converted to shared mailboxes using the Set-Mailbox cmdlet by using the -Type parameter.
[PS] C:\>Set-Mailbox helpdesk -Type:Shared
To convert a shared mailbox to a regular user mailbox use the -Type:Regular option.
Assigning Permissions
Shared mailboxes do not have an associated password so you must grant mailbox permissions for the users requiring access to the mailbox. Since, by definition, shared mailboxes will be accessed by multiple users, I suggest assigning permissions using security groups. The first step is to create a security group in your domain containing the users you want to access the shared mailbox. For this example I will name the group "Help Desk Permissions Group". Grant full mailbox permissions for the group you just created.
[PS] C:\>Add-MailboxPermission helpdesk -User:'Help Desk Permissions Group' -AccessRights:FullAccess
Users in the the "Help Desk Permissions Group" will now have full access to the mailbox. But you are not done yet...you MUST also add the active directory 'Send-As' permission so that members of the group can send mail with the shared mailbox's email address. Additionally, you may want to add permissions to read/write personal information so that users can setup delegates if needed.
[PS] C:\>Add-ADPermission helpdesk -User:'Help Desk Permissions Group' -ExtendedRights:Send-As -AccessRights:ReadProperty, WriteProperty -Properties:'Personal Information'
Now your users will have complete access to the shared mailbox.
Example: create the following mailbox:
Name: Pinnacle Parking
Email: pinnacleparking@kordia.com.au
new-mailbox -name "Pinnacle Parking" -database "WINEXMP01\WINEXMP01 SG8\SG8_IS1" -org "internal.local/Prod/Special Objects/Exchange Resources" -shared -UserPrincipalName "pinnacleparking@kordia.com.au"
No comments:
Post a Comment