Exchange: mail-enabled or mailbox-enabled and permissions

If you frequently work with Exchange mailboxes you probably know there’s a difference between mail-enabled and mailbox-enabled. Distribution/security groups or contacts, can be mail-enabled but don’t get a dedicated mailbox on their AD object. A user does get a real mailbox and is therefore called mailbox-enabled.

Please note however that when you mailbox-enable a user account the actual mailbox is not created immediately. Whenever the user uses Outlook to connect to the mailbox or the first mail message is being delivered, Exchange creates the mailbox. This poses problems for scripts where you create a user object, mailbox-enable it and immediately try to modify the mailbox security settings. As the mailbox doesn’t exist yet, you can see the security settings in the Exchange advanced tab as only having “SELF” on the mailbox. To remedy this, send a simple mail message to the user, wait a couple of seconds and the mailbox is created. When you re-check the Exchange permissions on the Exchange advanced tab you will see the permissions have now been placed on the mailbox.

Geschreven door:

Arnout van der Vorst

Arnout van der Vorst is Identity Management Architect bij Tools4ever en al ruim 10 jaar in dienst. Arnout legt zich als Architect toe op het bedenken en ontwikkelen van nieuwe features, oplossingen en diensten van Tools4ever die aansluiten op de vraag uit de markt. Arnout studeerde Hogere Informatica aan de Hogeschool van Utrecht.