Saturday, June 14, 2008

Generic User Accounts | Exchange 2007 Shared Mailboxes

In an organization, there are mailboxes required that are shared by many individuals in a particular department... I will say them as generic accounts that a group of people use for common mail access. However, the Information Security team may take it as offensive as they have an active mailbox enabled user account... and if you decide to close on them, it becomes really difficult as users are used to them as it helps them to organize and manage their tasks efficiently... and instead creating the Distribution List with the same email address won't solve the purpose.

In Exchange 2007, we have concept of shared mailbox recipient type. When we create a mailbox as 'shared' it creates a disabled active directory account to which the mailbox is connected. Shared mailboxes do not have an associated password so we must grant mailbox permissions for the users requiring access to that mailbox.

Advantages

  • Disabled accounts act as a security measure.
  • Since the user account is disabled by default no initial password is required.
  • If desired, existing mailboxes can be converted to shared mailboxes. Users can still be able to access emails and continue to receive emails on that mailbox.
  • Will let the users to continue their operations more or less the same way.
  • No need to setup Distributions Lists on account of closure of their respective generic accounts.

9 comments:

Anonymous said...

Is their a way to turn off the shared view so that if one user opens a mail it is not marked as read for the other users. Thanks

Vinay Pal Singh said...

If you want to maintain per user read information, the best option for you is to use Public Folders instead and turn on this option. Not possible in Shared Mailboxes though.

Vinay

Eric said...

Is there a way to accomplish this with Exchange 2003?

Vinay Pal Singh said...

No, its not possible to accomplish this in Exchange 2003. Its a brand new feature of Exchange 2007 including the concept of Room mailbox, Equipment mailbox and Linked mailbox.

Pedro said...

You can do the same thing in Exch 2003.
- Create a user with a mailbox
- Wait or force the creation of that mailbox
- Disable the user
- In the security tab, add permitions to the users you want to access the mailbox and "Send as", if necessary
- In the security tab, add the right to the "Self" user of "external associated account"

It wotks fine.
Best regards.

Vinay Pal Singh said...

Yes, it will work but then again you can still logon directly via webmail from that account if you know the password. So if you want to put security controls to prevent that, the concept of Shared Mailboxes in Exchange 2007 comes into picture.

Cheers!

Mahroof NM said...

Hi, i have the same case, i have a mail id which is shared between 3 users, they dont have other mail id, all of them use the same id for sending and receiving mails, they want to keep their copies seperately,even their folders and contacts and read or not read marks...

Anonymous said...

Do you need an AD CAL and or an Exchange CAL for this shared Mailbox?

Viagra Online said...

Interesting and very useful information, I didn't know it but this blog can becomes in my best tool. I like the way like you distribute the content, specially with the form like you redact the text, is something gloriously because most of the blogger are loosing the style, and that's a shame. yet all, we need even more about "generic accounts" because I think the category is new.