Automapping mailboxes to Outlook

Automapping mailboxes to Outlook means the mailbox you gain access to will be automatically added to your Outook Client or Outlook Web Access (Exchange Online).

No need to add additional mailboxes after an administrator have granted you permission. Life is wonderful 🙂

Except if you have permission to alot of mailboxes, and it takes up all your desktop space. Should have been some intelligence bringing the most used mailboxes to the top of the list at least.

So who can have automapping? Users with individual permission to a mailbox. It does not work if you are given permission inherited by a group.

How do you give automapping? By default users with Full Access are automatically enabled for automapping when grantind access using Add-MailPermission or the Exchange GUI, so in order to disable automapping you need to create the permission and specify automapping should be set to false:

Add-MailboxPermission -Identity SharedMailbox -User UserMailbox -AccessRights FullAccess -AutoMapping:$false

Where is this automapping saved? It is an attribute stored in Active Directory on the mailbox object you receive access to, and can be found using PowerShell or Attribute Editor: msExchDelegateListLink

$Users = Get-ADUser -SearchBase "OU=Resources,DC=itiscloudy,DC=com" -Filter *
ForEach ($User in $Users){
(Get-ADUser $user -Properties msExchDelegateListLink | Select UserPrincipalName,msExchDelegateListLink)
}

This is also synchronized to Azure AD when Azure AD Connect is configured in Hybrid Mode, but it is not part of the writeback from Azure AD. So when you apply MailboxPermission for a user on a mailbox cross the hybrid configuration, you need to manual set automapping on the mail enabled users linked attribute named msExchDelegateListLinkBL. Then Azure AD Connect will synchronize this attribute to Azure AD and apply it to the Azure AD User object.

How do I remove automapping? You can remove permissions and add permissions with the Set-MailboxPermission and use -Automapping $false, or in Exchange Online we can clear the automappinglist on each mailbox.

Remove-MailboxPermission sharedmailbox@johana30.sg-host.com -ClearAutoMapping

To remove automapping for On-Premises Exchange, we can automate it with this script, which will remove all mailbox permissions where the permission is Full Access and is not inherited:

$MailboxUsers = Get-Mailbox -Filter * -ResultSize Unlimited

ForEach ($User in $MailboxUsers){
$FixAutoMapping = Get-MailboxPermission $MailboxUsers.UserPrincipalName | where {$_.AccessRights -eq "FullAccess" -and $_.IsInherited -eq $false}
$FixAutoMapping | Remove-MailboxPermission
$FixAutoMapping | Add-MailboxPermission -Identity $_.Identity -User $_.User -AccessRights:FullAccess -AutoMapping $false
}

 


Leave a Reply

Ehlo!

I am Roy Apalnes, a Microsoft Cloud Evangelist working av Sopra Steria. Main focus in Microsoft Security and Endpoint Management, with a bigger picture in mind.

Featured Posts

    %d bloggers like this: