Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Exchange / Disable Outlook Mailbox Auto-Mapping in Exchange/Microsoft 365

December 9, 2021 ExchangeMicrosoft 365Office 365Outlook

Disable Outlook Mailbox Auto-Mapping in Exchange/Microsoft 365

The Mailbox Auto-Mapping feature in on-premises Exchange Server and Exchange Online (Microsoft 365) is used to automatically connect shared mailboxes to an Outlook profile. When Outlook starts, it gets a list of additional mailboxes to map according to the AlternateMailbox attribute in Autodiscover. Outlook automatically connects shared mailboxes with Full Access permissions for the current user.

This is a useful feature because the user doesn’t need to manually connect additional shared mailboxes in Outlook settings. Up to 10 mailboxes can be mounted using the auto-mapping feature (Outlook restriction). But there is another problem: the user himself cannot remove additional mailboxes connected through auto-mapping from the Outlook profile.

automapping shared exchange mailbox in outlook

Exchange auto-mapping only works in the Outlook desktop apps. In Outlook Web App, shared mailboxes must be connected manually.

The auto-mapping for shared mailboxes in Exchange is based on two multivalued user attributes in Active Directory DS:

  • msExchDelegateListLink – shared mailbox attribute. Contains a list of Distinguished Names of user accounts that have been granted Full Access permissions to this mailbox;
  • msExchDelegateListBL – user attribute. Contains a list of mailboxes to which this user has Full Access rights.

msExchDelegateListLink and msExchDelegateListBL exchange attributes

When you grant full access to an Exchange mailbox (by using the Add-MailboxPermission cmdlet or from the Exchange Admin Center), these attributes are automatically updated on both the user and the mailbox.

You can get the values for these attributes in the user Attribute Editor in the ADUC ( dsa.msc) console or by using the Get-ADUser cmdlet.

You cannot directly access the msExchDelegateListBL and msExchDelegateListLink attributes in Exchange Online (Microsoft 365) because they are hidden by the Azure layer.

List the shared mailboxes that are automatically connected in a user’s Outlook:

Get-ADUser maxbak -Properties msExchDelegateListBL | Select -ExpandProperty msExchDelegateListBL

List the users of the shared mailbox to which it automatically connects:

Get-ADUser finance_de -Properties msExchDelegateListLink | Select -ExpandProperty msExchDelegateListLink

You can manually change the value of these attributes using the Set-ADUser cmdlet. For example, you can automatically connect a shared mailbox with read-only permissions.

Set-ADUser -Identity maxbak -Add @{msExchDelegateListLink/BL=finance_de}

When trying to delete a shared mailbox connected via Auto-Mapping, an Outlook error appears:

This group of folders is associated with an e-mail account. To remove the account, click the File Tab, and on the Info tab, click Account Settings. Select the e-mail account, and then click Remove.

These mailboxes also don’t appear in the Outlook profile settings under the Additional Mailboxes section of the Advanced tab. To remove such a shared mailbox in Outlook, you will have to disable automapping using PowerShell.

additional mailboxes in the outlook exchange profile

You can disable Outlook Auto-Mapping for a specific shared mailbox in Exchange using PowerShell. Connect to your on-prem Exchange Server using EMS or remotely from the PowerShell console:

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://mun-mbex1.woshub.com/PowerShell/ -Authentication Kerberos -Credential $UserCredential
Import-PSSession $Session

For example, to grant TestUser1 Full Access permissions to SharedMBX mailbox and disable Auto Mapping in Outlook, use this command:

Add-MailboxPermission -Identity SharedMBX -User TestUser1 -AccessRight FullAccess -InheritanceType All -Automapping $False

This cmdlet clears the mailbox references in the msExchDelegateListBL and msExchDelegateListLink attributes.

It should be noted that Auto Mapping won’t work if the access to a mailbox is assigned by the AD security group. Assign permissions on a per-user basis.

If the permissions have been already granted, you will have to revoke them first and then reassign:

Remove-MailboxPermission -Identity SharedMBX -User TestUser1 -AccessRight FullAccess -InheritanceType All
Add-MailboxPermission -Identity SharedMBX -User1 TestUser1 -AccessRight FullAccess -InheritanceType All -Automapping $False

The following script allows to disable Auto-Mapping for all users having the permissions for a certain shared mailbox:

$FixAutoMapping = Get-MailboxPermission SharedMBX |where {$_AccessRights -eq “FullAccess” -and $_IsInherited -eq $False}
$FixAutoMapping | Remove-MailboxPermission
$FixAutoMapping | ForEach {Add-MailboxPermission -Identity $_.Identity -User $_.User -AccessRights:FullAccess -AutoMapping $False}

In Exchange Online (Microsoft 365), you can also enable or disable automatic mapping of shared mailboxes by using the Add-MailboxPermission cmdlet.

Connect to your tenant using the EXOv2 PowerShell module:

Connect-ExchangeOnline

In order to grant permissions and disable automapping for a shared mailbox in Microsoft 365:

Add-MailboxPermission -Identity maxbak@woshub.onmicrosoft.com -User sales_de@woshub.onmicrosoft.com -AccessRights FullAccess -AutoMapping:$False

Accordingly, if you need to enable mailbox in automapping Outlook, use the -AutoMapping:$True parameter.

In Microsoft 365, you can clear the AutoMapping attribute with this command:

Remove-MailboxPermission sales_de -ClearAutoMapping -Confirm:$False

After that, the mailbox will automatically map only to the mailbox owner’s Outlook profile.

0 comment
2
Facebook Twitter Google + Pinterest
previous post
How to Connect and Manage Exchange Online with PowerShell
next post
Upgrade Microsoft SQL Server Evaluation Edition to Standard/Enterprise

Related Reading

Fix: “Something Went Wrong” Error When Installing Teams

May 2, 2023

Send Outlook Emails Using Excel VBA Macro or...

April 11, 2023

Send from Alias (SMTP Proxy Address) in Exchange...

April 6, 2023

How to Use Plus Addressing in Microsoft 365...

April 5, 2023

Save Sent Items in Shared Mailbox on Exchange...

April 3, 2023

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • PowerShell
  • VMWare
  • Hyper-V
  • Linux
  • MS Office

Recent Posts

  • Configuring Event Viewer Log Size on Windows

    May 24, 2023
  • How to Detect Who Changed the File/Folder NTFS Permissions on Windows?

    May 24, 2023
  • Enable Single Sign-On (SSO) Authentication on RDS Windows Server

    May 23, 2023
  • Allow Non-admin Users RDP Access to Windows Server

    May 22, 2023
  • How to Create, Change, and Remove Local Users or Groups with PowerShell?

    May 17, 2023
  • Fix: BSOD Error 0x0000007B (INACCESSABLE_BOOT_DEVICE) on Windows

    May 16, 2023
  • View Success and Failed Local Logon Attempts on Windows

    May 2, 2023
  • Fix: “Something Went Wrong” Error When Installing Teams

    May 2, 2023
  • Querying Windows Event Logs with PowerShell

    May 2, 2023
  • Configure Windows LAPS (Local Administrator Passwords Solution) in AD

    April 25, 2023

Follow us

  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Outlook Keeps Asking for Password on Windows
  • How to Manually Configure Exchange or Microsoft 365 Account in Outlook 365/2019/2016?
  • FAQ: Licensing Microsoft Exchange Server 2019/2016
  • Whitelist Domains and Email Addresses on Exchange Server and Microsoft 365
  • Moving Exchange Mailboxes to Different Database
  • How to Cleanup, Truncate or Move Log Files in Exchange Server 2013/2016/2019?
  • Search and Delete Emails from User Mailboxes on Exchange Server (Microsoft 365) with PowerShell
Footer Logo

@2014 - 2023 - Windows OS Hub. All about operating systems for sysadmins


Back To Top