A new feature Mailbox Auto-Mapping appeared in Exchange 2010 SP1. When a user gets Full Access permissions to a mailbox in Exchange organization, after Outlook is restarted by the user, this mailbox is automatically mapped as a new additional mailbox in Outlook profile.
This feature allows to simplify getting access to additional and shared mailboxes. Due to Auto Mapping, all mailboxes of other users and shared mailboxes, which a user has access to, have to appear in the user Outlook automatically. This feature is available on the clients running Outlook 2007 or higher. This functionality is based on the special attribute msExchDelegateListLink, which contains the list of DN accounts granted Full Access permissions for the mailbox. At the same time, a user who has been granted the access has the value of msExchDelegateListBL attribute updated. This attribute contains the list of mailboxes to be automatically mapped after starting Outlook.
Auto Mapping functionality is quite convenient, but in some cases it prevents the normal work, for example, when a user doesn’t want to make the Outlook configuration heavy and would like to work only with personal Exchange mailbox. Moreover, a number of mailboxes extends the time necessary for Outlook to start and reduces its performance. Often a problem occurs when Full Access privileges have been revoked, but a user still sees the mailbox in Outlook window, but when trying to view its contents, the access permissions error is returned.
All these issues require the ability to disable Mailbox Auto Mapping for the users. This feature appeared in Exchange 2010 SP2.
To disable Auto Mapping for a specific mailbox, you can delete the corresponding data in msExchDelegateListLink and msExchDelegateListBL attributes manually using ADSIEdit.msc, but it is not very convenient. It is easier to use PowerShell cmdlets.
For example, to grant User1 Full Access to SharedMBX mailbox and disable Auto Mapping, use this command:
Add-MailboxPermission -Identity SharedMBX -User ‘User1’ -AccessRight FullAccess -InheritanceType All -Automapping $false
If the permissions have been already granted, you will have to revoke them first and then reassign them:
Remove-MailboxPermission -Identity SharedMBX -User ‘User1’ -AccessRight FullAccess -InheritanceType All
Add-MailboxPermission -Identity SharedMBX -User1 ‘User1’ -AccessRight FullAccess -InheritanceType All -Automapping $false
The following script allows to disable Auto Mapping for all users having the permissions for a certain shared mailbox:
$FixAutoMapping = Get-MailboxPermission sharedmailbox |where {$_AccessRights -eq “FullAccess” -and $_IsInherited -eq $false}
$FixAutoMapping | Remove-MailboxPermission
$FixAutoMapping | ForEach {Add-MailboxPermission -Identity $_.Identity -User $_.User -AccessRights:FullAccess -AutoMapping $false}
Leave a Reply