Auto-mapping of Shared Mailboxes in a Resource Forest Topology

Starting with Exchange Server 2010 Service Pack 1, Outlook automatically opens mailboxes where an Exchange administrator has granted you full access permission. This is for example explained in an article written by Steve Goodman. This feature use the Active Directory attributes msExchDelegateListLink and msExchDelegateListBL. AutoDiscover populates the AlternativeMailbox attribute to inform Outlook about these shared mailboxes. The same attribute is used to inform Outlook about your personal archive mailbox.

Figure 1: AutoDiscover AlternativeMailbox

Starting with Service Pack 2 you can use the parameter -AutoMapping $false with the Add-MailboxPermission command to disable the auto-mapping feature.

However, there is still an issue if you use a resource forest topology.

In a resource forest topology the shared mailbox is located in the resource forest and the account that gets permission on this shared mailbox is located in the account forest. In my test lab the account forest is called “Corp” and the resource forest is called “Provider”.

Figure 2: Full Access Granted to the Account Forest User

Figure 2 shows that the attributes msExchDelegateListLink and msExchDelegateListBL are not set after you execute the Add-MailboxPermission command.

Additionally you have to provide full access permission to the disabled account of the linked mailbox in the resource forest.

Figure 3: Full Access Granted to the Disabled Resource Forest User Object

Please be aware that only granting full access permission to the disabled resource forest user object of the linked mailbox does not work. Outlook would automatically map the shared mailbox, but you would not be able to open the mailbox. You will receive the error message “Cannot expand the folder” if you try to access the shared mailbox.