Mailbox auto-mapping through Autodiscover
Granting Full Access to a mailbox is one thing; a user being
able to open the mailbox to access it is quite another. The traditional
approach has been to modify the user’s Outlook profile so that the
mailbox is opened along with the other resources available to the user.
To do this, edit the profile, select More Settings, and then choose the
Advanced tab (Figure 4). Enter the name of the mailbox that should be opened.
This
approach works at the expense of requiring an intervention by the user
or an administrator to make sure that the profile is correctly
configured. Fortunately, some Autodiscover magic happens to detect when
users have Full Access to other mailboxes. Whenever a user is granted
Full Access to a mailbox, Exchange updates the msExchDelegateLinkList
property for the mailbox’s Active Directory account. This property
holds the distinguished names of all the accounts that have Full Access
to the mailbox.
When Autodiscover runs, it checks Active
Directory to find whether the account for which it is running has
access to any other mailbox. If the account is listed in
msExchDelegateLinkList for any other account, Autodiscover includes
these mailboxes as alternates in the XML manifest it provides to
Outlook; Outlook then inserts the mailbox in the resources it shows to
the user. This feature is called mailbox auto-mapping, and it only
works when Full Access is assigned to individual users rather than to
groups. The same mechanism is used to provide Outlook with information
about site mailboxes the user is entitled to open.The information Autodiscover provides to Outlook looks like this:
<AlternativeMailbox>
<Type>Delegate</Type>
<DisplayName>Contoso PR queries</DisplayName>
<SmtpAddress>[email protected]</SmtpAddress>
</AlternativeMailbox>
Sometimes,
you might not want a mailbox to show up automatically in Outlook, so
auto-mapping can be disabled if necessary by including a parameter when
you run the Add-MailboxPermission command to assign Full Access to a
mailbox. For example:
Add-MailboxPermission "Sales Enquiries" –User TRedmond -AccessRights FullAccess -AutoMapping:$False
This
command assigns Full Access to the mailbox to the nominated user but
does not populate the msExchDelegateLinkList property for the account.
Full Access remains undetected by Autodiscover, and Outlook is not
instructed to open the mailbox. If necessary, the traditional approach
can be used to open the mailbox.
Opening another user’s mailbox with Outlook Web App
Outlook Web App doesn’t use profiles, nor does it use
Autodiscover, so it cannot use this method to find out about newly
acquired access to a mailbox. However, it’s often convenient to use
Outlook Web App to open another user’s mailbox, like when an
investigator needs to open a discovery search mailbox to examine items
copied by an eDiscovery search.
To open another user’s mailbox,
click the down arrow shown beside the name of your mailbox on the far
right of the Outlook Web App screen and then type the name of the
mailbox that you want to open into the Open Other Mailbox dialog box.
Click OK, and if your account has the appropriate permissions, Outlook
Web App will open the mailbox.