You are on page 1of 17

MAILBOX

DELEGATION AND
PERMISSIONS
Pritam Kumar Das
Index
■ Mailbox Delegation
■ Difference between Delegation, Sharing and Ownership
■ Types of Permission
■ Assign Mailbox Permissions using –
Exchange Management Shell (EMS)
GU Interface
■ Email forwarding and Re-direction
■ Shared SMTP Address Spaces
Mailbox Delegation
The Exchange mailbox is the part of the Exchange mail
store that holds the data for a single account (such as a
user or a resource) in Active Directory (AD).
The mailbox owner can login-to and has full control of an
Exchange mailbox.
A mailbox owner or an administrator can delegate
access to other accounts.
The level of access varies according to the process used
for delegation.
Difference between Delegation, Sharing
and Ownership
• Delegation, or Delegate Access, is a feature in Exchange that allows
one person to act on behalf of another. This allows the delegate to act
on behalf of the account owner, including creating and responding to
mail, meeting requests, and so on.

• Sharing is granted through folder sharing. This allows you to view the
shared item(s) that the account owner has shared with you. It does not
allow someone to respond on your behalf.

• Ownership means that you are in charge of your own resource, and can
share folders or grant delegate access to others for that account.
Types of Permission
Full Access : Delegated user can map the entire mailbox in his/her
Outlook/OWA and view the Items.

Send As : User can send mail(s) pretending


to be someone, however the sent mail will
be visible in the sent items of the intended
sender.

Send On Behalf : User can send mail(s) on


behalf of another user, however recipient
will be able to recognize the actual sender.
Assign Mailbox Permissions using EMS
Full Access
Add-MailboxPermission -Identity <MailBox> -AccessRights FullAccess -User
<User> -InheritanceType All

Ownership
Add-MailboxPermission -Identity “Mailbox” –Owner <User>

Send As
Add-RecipientPermission <identity> -AccessRights SendAs -Trustee <user>

Send On Behalf
Set-Mailbox <Mailbox> -GrantSendOnBehalfTo <User>
Assign Mailbox Permissions using GUI
Full Access
Send As
Send On Behalf
Email forwarding and Re-direction in 2k7 and 2k10
Email forwarding and Re-direction in 2k13 and Office 365
Email forwarding and Re-direction using Transport rules
Good to know points
■ Authoritative Domains : Email is delivered only to valid recipients in this Exchange organization.
All email for unknown recipients is rejected.
■ Internal Relay Domains : Email is delivered to recipients in this Exchange organization or relayed
to an email server at another physical or logical location.
Good to know points
Exchange Connectors
Exchange 2k7 and Exchange 2K10
 Receive Connectors
 Send Connectors
Exchange 2k13 and Exchange Online
 Inbound Connectors
 Outbound Connectors

SMTP Relay
Relay SMTP traffic using authenticated and defined host.
Port 25 for SMTP Traffic | Port 587 for TLS SMTP traffic

Smart Host
FQDN or IP of the machine that is allowing SMTP traffic to pass via the same machine.
Inbound and Outbound connectors in Office365/ Exchange 2K13
Shared SMTP Address Spaces
 Two companies merge but maintain separate systems.
 Non-Exchange systems are involved in the email environment, eg a Unix Sendmail
server.
Edge Synchronization
■ The Microsoft Exchange EdgeSync service is the data synchronization service that periodically
replicates configuration data from Active Directory to a subscribed Edge Transport server.
■ The Microsoft Exchange EdgeSync service runs on all Hub Transport servers.
■ Data is pushed from Active Directory by the Hub Transport server inside the organization to the
Edge Transport server in the perimeter network.
■ Hub Transport server always initiates the synchronization session and that the Microsoft Exchange
EdgeSync service performs only one-way synchronization from Active Directory to ADAM.
■ Data from ADAM is never synchronized to Active Directory.

You might also like