Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Exchange / Disable Outlook Mailbox Auto-Mapping in Exchange/Microsoft 365

December 9, 2021 ExchangeMicrosoft 365Office 365Outlook

Disable Outlook Mailbox Auto-Mapping in Exchange/Microsoft 365

The Mailbox Auto-Mapping feature in on-premises Exchange Server and Exchange Online (Microsoft 365) is used to automatically connect shared mailboxes to an Outlook profile. When Outlook starts, it gets a list of additional mailboxes to map according to the AlternateMailbox attribute in Autodiscover. Outlook automatically connects shared mailboxes with Full Access permissions for the current user.

This is a useful feature because the user doesn’t need to manually connect additional shared mailboxes in Outlook settings. Up to 10 mailboxes can be mounted using the auto-mapping feature (Outlook restriction). But there is another problem: the user himself cannot remove additional mailboxes connected through auto-mapping from the Outlook profile.

automapping shared exchange mailbox in outlook

Exchange auto-mapping only works in the Outlook desktop apps. In Outlook Web App, shared mailboxes must be connected manually.

The auto-mapping for shared mailboxes in Exchange is based on two multivalued user attributes in Active Directory DS:

  • msExchDelegateListLink – shared mailbox attribute. Contains a list of Distinguished Names of user accounts that have been granted Full Access permissions to this mailbox;
  • msExchDelegateListBL – user attribute. Contains a list of mailboxes to which this user has Full Access rights.

msExchDelegateListLink and msExchDelegateListBL exchange attributes

When you grant full access to an Exchange mailbox (by using the Add-MailboxPermission cmdlet or from the Exchange Admin Center), these attributes are automatically updated on both the user and the mailbox.

You can get the values for these attributes in the user Attribute Editor in the ADUC ( dsa.msc) console or by using the Get-ADUser cmdlet.

You cannot directly access the msExchDelegateListBL and msExchDelegateListLink attributes in Exchange Online (Microsoft 365) because they are hidden by the Azure layer.

List the shared mailboxes that are automatically connected in a user’s Outlook:

Get-ADUser maxbak -Properties msExchDelegateListBL | Select -ExpandProperty msExchDelegateListBL

List the users of the shared mailbox to which it automatically connects:

Get-ADUser finance_de -Properties msExchDelegateListLink | Select -ExpandProperty msExchDelegateListLink

You can manually change the value of these attributes using the Set-ADUser cmdlet. For example, you can automatically connect a shared mailbox with read-only permissions.

Set-ADUser -Identity maxbak -Add @{msExchDelegateListLink/BL=finance_de}

When trying to delete a shared mailbox connected via Auto-Mapping, an Outlook error appears:

This group of folders is associated with an e-mail account. To remove the account, click the File Tab, and on the Info tab, click Account Settings. Select the e-mail account, and then click Remove.

These mailboxes also don’t appear in the Outlook profile settings under the Additional Mailboxes section of the Advanced tab. To remove such a shared mailbox in Outlook, you will have to disable automapping using PowerShell.

additional mailboxes in the outlook exchange profile

You can disable Outlook Auto-Mapping for a specific shared mailbox in Exchange using PowerShell. Connect to your on-prem Exchange Server using EMS or remotely from the PowerShell console:

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://mun-mbex1.woshub.com/PowerShell/ -Authentication Kerberos -Credential $UserCredential
Import-PSSession $Session

For example, to grant TestUser1 Full Access permissions to SharedMBX mailbox and disable Auto Mapping in Outlook, use this command:

Add-MailboxPermission -Identity SharedMBX -User TestUser1 -AccessRight FullAccess -InheritanceType All -Automapping $False

This cmdlet clears the mailbox references in the msExchDelegateListBL and msExchDelegateListLink attributes.

It should be noted that Auto Mapping won’t work if the access to a mailbox is assigned by the AD security group. Assign permissions on a per-user basis.

If the permissions have been already granted, you will have to revoke them first and then reassign:

Remove-MailboxPermission -Identity SharedMBX -User TestUser1 -AccessRight FullAccess -InheritanceType All
Add-MailboxPermission -Identity SharedMBX -User1 TestUser1 -AccessRight FullAccess -InheritanceType All -Automapping $False

The following script allows to disable Auto-Mapping for all users having the permissions for a certain shared mailbox:

$FixAutoMapping = Get-MailboxPermission SharedMBX |where {$_AccessRights -eq “FullAccess” -and $_IsInherited -eq $False}
$FixAutoMapping | Remove-MailboxPermission
$FixAutoMapping | ForEach {Add-MailboxPermission -Identity $_.Identity -User $_.User -AccessRights:FullAccess -AutoMapping $False}

In Exchange Online (Microsoft 365), you can also enable or disable automatic mapping of shared mailboxes by using the Add-MailboxPermission cmdlet.

Connect to your tenant using the EXOv2 PowerShell module:

Connect-ExchangeOnline

In order to grant permissions and disable automapping for a shared mailbox in Microsoft 365:

Add-MailboxPermission -Identity maxbak@woshub.onmicrosoft.com -User sales_de@woshub.onmicrosoft.com -AccessRights FullAccess -AutoMapping:$False

Accordingly, if you need to enable mailbox in automapping Outlook, use the -AutoMapping:$True parameter.

In Microsoft 365, you can clear the AutoMapping attribute with this command:

Remove-MailboxPermission sales_de -ClearAutoMapping -Confirm:$False

After that, the mailbox will automatically map only to the mailbox owner’s Outlook profile.

0 comment
2
Facebook Twitter Google + Pinterest
previous post
How to Connect and Manage Exchange Online with PowerShell
next post
Upgrade Microsoft SQL Server Evaluation Edition to Standard/Enterprise

Related Reading

Finding Duplicate E-mail (SMTP) Addresses in Exchange

January 27, 2023

Granting Send As and Send on Behalf Permissions...

December 21, 2022

How to Manually Configure Exchange or Microsoft 365...

December 5, 2022

Exporting Microsoft 365 (Exchange Online) Mailbox to PST

November 23, 2022

How to Enable Maintenance Mode on Exchange Server?

November 16, 2022

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • PowerShell
  • VMWare
  • Hyper-V
  • Linux
  • MS Office

Recent Posts

  • Using Previous Command History in PowerShell Console

    January 31, 2023
  • How to Install the PowerShell Active Directory Module and Manage AD?

    January 31, 2023
  • Finding Duplicate E-mail (SMTP) Addresses in Exchange

    January 27, 2023
  • How to Delete Old User Profiles in Windows?

    January 25, 2023
  • How to Install Free VMware Hypervisor (ESXi)?

    January 24, 2023
  • How to Enable TLS 1.2 on Windows?

    January 18, 2023
  • Allow or Prevent Non-Admin Users from Reboot/Shutdown Windows

    January 17, 2023
  • Fix: Can’t Extend Volume in Windows

    January 12, 2023
  • Wi-Fi (Internet) Disconnects After Sleep or Hibernation on Windows 10/11

    January 11, 2023
  • Adding Trusted Root Certificates on Linux

    January 9, 2023

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Outlook Keeps Asking for Password on Windows
  • How to Manually Configure Exchange or Microsoft 365 Account in Outlook 365/2019/2016?
  • Whitelist Domains and Email Addresses on Exchange Server and Microsoft 365
  • How to Cleanup, Truncate or Move Log Files in Exchange Server 2013/2016/2019?
  • Moving Exchange Mailboxes to Different Database
  • Fix: Microsoft Outlook Search Not Working on Windows 10/11
  • How to Delete or Rename Default Mailbox Database in Exchange Server?
Footer Logo

@2014 - 2023 - Windows OS Hub. All about operating systems for sysadmins


Back To Top