We have a lot of shared mailboxes. Mailboxes that are setup as -type shared. It basically is a mailbox that the AD account has been disabled on, that people use their own username and password to access. One of my tasks as and Exchange Admin is to give people and remove peoples rights from these mailboxes. To help me with this process, I have created a permissions.ps1 script that I use. The syntax is .\permission.ps1 shared_mailbox_name user_name
param($mailboxname,$user) $mailbox = get-mailbox $mailboxname #Give user full mailbox rights Add-MailboxPermission -Identity $mailbox -User $user -AccessRights 'FullAccess' #Give user send-as rights to mailbox Add-ADPermission -Identity $mailbox.DisplayName -User $user -ExtendedRights 'Send-as'
NOTE: If you give a person Full Mailbox rights to a mailbox, if they are running Outlook 2010, then it will automatically add that new mailbox as a mailbox to their Outlook. If you are using SP2 of Exchange 2010, you can add a parameter to the add-mailboxpermission cmdlet that will block this from happening. You can add the -AutoMapping $false to the command.
The Automapping parameter specifies whether to ignore the auto-mapping feature in Outlook. If a user is granted Full Access permissions to another user’s mailbox or to a shared mailbox, Outlook, through Autodiscover, automatically loads all mailboxes to which the user has full access. This parameter accepts
$falsevalues. For more information about auto-mapping, [Source]
You can find more details here.
I also sometimes use the following script to remove permissions from the shared mailbox.
param($mailboxname,$user) $mailbox = get-mailbox $mailboxname #Give user full mailbox rights Remove-MailboxPermission -Identity $mailbox -User $user -AccessRights 'FullAccess' #Give user send-as rights to mailbox Remove-ADPermission -Identity $mailbox.DistinguishedName -User $user -ExtendedRights 'Send-as'