{"id":1391,"date":"2014-01-23T21:20:03","date_gmt":"2014-01-23T21:20:03","guid":{"rendered":"http:\/\/dollarunderscore.azurewebsites.net\/?p=1391"},"modified":"2014-01-23T21:25:22","modified_gmt":"2014-01-23T21:25:22","slug":"shared-mailbox-management-automated","status":"publish","type":"post","link":"https:\/\/p0wershell.com\/?p=1391","title":{"rendered":"Shared Mailbox Management – Automated!"},"content":{"rendered":"

This can be quite hard in a large organisation. It’s one thing to migrate the ACLs to Office 365 one time, it’s another thing to keep them updated.<\/p>\n

At least I was kind of lost on how to tackle this problem in the beginning.<\/p>\n

This is probably not the perfect solution, but it saves us a lot of time!<\/p>\n

Short version (everything in the list below is done by powershell):<\/p>\n

    \n
  1. \u00a0The shared mailbox user account gets created by a powershell script that reads the output of the order form (which currently\u00a0gets approved\/created by helpdesk).<\/li>\n
  2. \u00a0An access group gets created<\/li>\n
  3. \u00a0An owner group gets created<\/li>\n
  4. \u00a0The ACLs of the access group\u00a0is changed so the owner group has access to change it’s members, and the “Managed By”-attribute is set.<\/li>\n
  5. The owner group\u00a0becomes a member\u00a0of another group, which\u00a0gives access to\u00a0a powershell form published in our Citrix-farm.\u00a0This form is used for\u00a0managing the membership of the mailbox access group.<\/li>\n
  6. The owner (typically the person who ordered the mailbox) gets added to Owner-group and Access-group.<\/li>\n
  7. \u00a0Another script looks for new access groups and shared mailboxes, finds it in Exchange Online\/Azure, creates the shared mailbox and\u00a0assigns the “Full Access\/Send As”-rights\u00a0to the “access group”.<\/li>\n
  8. All the ACLs are verified to make sure everything went according to plan.<\/li>\n
  9. If everything has been done correctly, an e-mail gets sent to the members of the “owner-group” with a link to a guide explaining where to find the Citrix app (PowerShell form), how to add the new mailbox in outlook etc….<\/li>\n<\/ol>\n

    The PowerShell-form, when started by a user, finds all the\u00a0“Owner-groups” the current user is a member of and lists the corresponding mailboxes in a droplist. When a mailbox is selected, it lists the members and allows the user to add new ones and remove current ones.<\/p>\n

    You search by entering a Name, E-mailaddress or SamAccountName, the search goes off “in real time” (OnChange), no search button.<\/p>\n

    Here’s a screenshot of the form\u00a0when started:<\/p>\n

    \"mbx-management\"<\/a><\/p>\n

    This is how it looks when a mailbox is selected: (sorry for all the blurring…)<\/p>\n

    \"MBXInAction\"<\/a><\/p>\n

    This allows any user to manage their own mailbox in an easy and userfriendly way, and they dont need to contact helpdesk everytime someone else needs access to the mailbox, or needs to be removed.<\/p>\n

    And that’s it! \ud83d\ude42<\/p>\n

    I will try to do some blog posts on the steps\u00a0involved\u00a0in this process, at least those who were\u00a0kind of\u00a0tricky to achieve. (Setting ACLs in AD was not as straightforward as I thought…)<\/p>\n

    Any code that I think is applicable for someone else will of course be published!<\/p>\n

    Stay tuned!<\/p>\n","protected":false},"excerpt":{"rendered":"

    This can be quite hard in a large organisation. It’s one thing to migrate the ACLs to Office 365 one time, it’s another thing to keep them updated. At least I was kind of lost on how to tackle this problem in the beginning. This is probably not the perfect solution, but it saves us […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[441,141,111,21,151],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p3Zj0A-mr","_links":{"self":[{"href":"https:\/\/p0wershell.com\/index.php?rest_route=\/wp\/v2\/posts\/1391"}],"collection":[{"href":"https:\/\/p0wershell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/p0wershell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/p0wershell.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/p0wershell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1391"}],"version-history":[{"count":0,"href":"https:\/\/p0wershell.com\/index.php?rest_route=\/wp\/v2\/posts\/1391\/revisions"}],"wp:attachment":[{"href":"https:\/\/p0wershell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1391"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/p0wershell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1391"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/p0wershell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1391"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}