Managing Access to a Shared Mailbox with Outlook

Introduction

By default, each Vmail Shared Exchange Mailbox (SEM) is created with three associated Active Directory (AD) Security Groups. The naming convention and brief description of each group is as follows:

Group Name*              Function
<SEM Mailbox Name>-RM    Resource Management (RM) – members of this group can modify the membership for the other SEM groups.
<SEM Mailbox Name>-FA    Full Access (FA) – members of this group can access the mailbox to read, move, and delete mailbox items.
<SEM Mailbox Name>-SA    Send As (SA) – members of this group can send email as the SEM (using the SEM’s address on the From: line).

* Where <SEM Mailbox Name> is the name of the Shared Exchange Mailbox.

Power users who manage Active Directory (AD) Security Groups can manage these groups using AD Tools. If you do not routinely use AD Tools, please use Outlook as described below.

Managing SEM Groups Using Microsoft Outlook

The AD groups associated with each SEM appear in the Vmail Global Address List (GAL). To access the GAL, click on the Address Book button in Outlook:

Outlook 2010: the Address Book button is in the Find section of the Home tab.
Outlook 2007: the Address Book button is next to the Search address books field on the toolbar.

In the window that appears, click on the Address Book menu and select SEM Management Groups.

Now begin typing the name of your shared mailbox into the Search field. You will now see your SEM with its associated Active Directory (AD) Security Groups.

If you do not see your AD groups listed in the GAL, see the Troubleshooting section at the end of this document.

Continue on, in order, through each section below to configure the access groups for the SEM.

Resource Management (<SEM Name>-RM)

The Resource Management group is set as the "Owner" of all the -SA and -FA AD groups associated with the SEM. Therefore, any person or AD group added to the -RM group will be able to manage the membership of all three security groups.

Membership in the -RM group alone does not grant permissions to access or Send As the SEM. Those privileges are given to members of the -FA and -SA groups respectively.

The initial member(s) of the -RM group is/are the VUnetID(s) specified when the SEM was created. If others will be managing the membership of the SEM's AD groups, the additional admin users or AD groups must be added to the -RM group.

To add a member to a group:

  1. Double-click on the group name in the Address Book window (ExampleSEM-RM in this case) and click on the Modify Members… button.
  2. Click on the Add... button.
  3. The Address Book window will appear. Select the user or group to have resource management rights over the other SEM AD security groups, click OK.
  4. Repeat steps 2 and 3 to assign additional resource managers, and then click OK.
  5. The members of the resource management group will now appear in the Member area of the -RM group's window.

To exercise the rights granted by membership in the <SEMname>-RM group, individuals need to log off or restart their computer. Once they authenticate to the Vanderbilt domain again, they can manage the membership of the remaining AD security groups.

Full Access (<SEM Name>-FA)

Members of the Full Access group can read, move, and delete mailbox items. Any member of the associated Resource Management group (<SEM Name>-RM) can manage the membership of the -FA group. Please note that Full Access membership does not give Send As rights. Send As rights are granted by membership in the Send As group (<SEM Name>-SA).

To add members to the Full Access group, follow the method for adding members to a group in the Resource Management section earlier in this document.

Send As (<SEM Name>-SA)

Members of the Send As group can send email using the SEM's name and email address. Members of this group can also read the mailbox contents. When multiple Exchange accounts are configured, Microsoft Outlook 2010 adds a From: line to all outgoing messages. Outlook 2007 users: see the Troubleshooting section for adding the From: line.

Members of the Send As group will be able to select the SEM name in the From menu and send a message as the SEM. Important: If a person is assigned to the Full Access group, but not the Send As group, the SEM will still appear in the From: menu. However, unless the person is also assigned to the Send As group, the message will bounce with an insufficient privileges error.

To add members to the Send As group, follow the method for adding members to a group in the Resource Management section.
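
For those who manage the groups with AD Tools, the following added example (not part of the original instructions) reviews who holds which right on one SEM and flags the Full Access without Send As case described above. It assumes the ActiveDirectory PowerShell module, that each group's AD account name matches its GAL name, and that the "Owner" shown in Outlook is the group's ManagedBy attribute.

```powershell
# Added example (not Vanderbilt's tooling). Requires the ActiveDirectory module (RSAT).
# Assumption: each group's AD account name matches its GAL name, e.g. ExampleSEM-RM.
param([string]$SemName = 'ExampleSEM')
Import-Module ActiveDirectory

function Get-SemUsers([string]$Suffix) {
    # -Recursive expands nested groups, so indirect members are reviewed too.
    @(Get-ADGroupMember -Identity "$SemName-$Suffix" -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object { $_.SamAccountName })
}

$rm = Get-SemUsers 'RM'
$fa = Get-SemUsers 'FA'
$sa = Get-SemUsers 'SA'

# Assumption: the "Owner" shown in Outlook is the group's ManagedBy attribute.
$rmDn = (Get-ADGroup -Identity "$SemName-RM").DistinguishedName
foreach ($suffix in 'FA', 'SA') {
    $g = Get-ADGroup -Identity "$SemName-$suffix" -Properties ManagedBy
    if ($g.ManagedBy -ne $rmDn) {
        Write-Warning "$($g.Name) is not owned by $SemName-RM (ManagedBy: $($g.ManagedBy))"
    }
}

# One row per user, with the combination of rights the page describes.
@($rm) + @($fa) + @($sa) | Sort-Object -Unique | ForEach-Object {
    $inRm = $_ -in $rm; $inFa = $_ -in $fa; $inSa = $_ -in $sa
    $note = if ($inFa -and -not $inSa) {
        'SEM shows in From: menu, but sending as it bounces'
    } elseif ($inRm -and -not ($inFa -or $inSa)) {
        'Manages group membership only; no mailbox access'
    } else { '' }
    [pscustomobject]@{
        User = $_; ManagesGroups = $inRm; FullAccess = $inFa; SendAs = $inSa; Note = $note
    }
} | Format-Table -AutoSize
```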


Troubleshooting

Problem - I cannot see my AD groups in the GAL.
Solution - If Outlook is configured to use Cached Mode, the GAL Address Book may need to be updated. To update your Address Book follow the instructions for your version of Outlook below.

Outlook 2010

  1. Click on the Send/Receive tab.
  2. Click on the Send/Receive Groups menu and select Download Address Books....
  3. Click OK and accept the default settings.
  4. When the operation completes, check the GAL again for the SEM AD security groups.

Outlook 2007

  1. Click on the Send/Receive button and select Download Address Book....
  2. Click OK and accept the default settings.
  3. When the operation completes, check the GAL again for the SEM AD security groups.

Problem - I cannot see the From line in Outlook 2007.
Solution - Please follow the instructions below.

  1. Open a new message window.
  2. Click on the Options tab.
  3. Click on the Show From button.
  4. All new message windows will now include the From field.

Printed Page Disclaimer
This web page is dynamic. Please refer to this web page http://it.vanderbilt.edu/services/messaging/vmail/sem/rights_management.php for the most up-to-date instructions.