Exchange: mail-enabled or mailbox-enabled and permissions

If you frequently work with Exchange mailboxes you probably know there’s a difference between mail-enabled and mailbox-enabled. Distribution/security groups or contacts, can be mail-enabled but don’t get a dedicated mailbox on their AD object. A user does get a real mailbox and is therefore called mailbox-enabled.

Please note however that when you mailbox-enable a user account the actual mailbox is not created immediately. Whenever the user uses Outlook to connect to the mailbox or the first mail message is being delivered, Exchange creates the mailbox. This poses problems for scripts where you create a user object, mailbox-enable it and immediately try to modify the mailbox security settings. As the mailbox doesn’t exist yet, you can see the security settings in the Exchange advanced tab as only having “SELF” on the mailbox. To remedy this, send a simple mail message to the user, wait a couple of seconds and the mailbox is created. When you re-check the Exchange permissions on the Exchange advanced tab you will see the permissions have now been placed on the mailbox.

• exchange
• mail-enabled
• mailbox-enabled