Tag Archives: Shared Mailbox

Open attachment in Shared Mailbox using OWA

Last September Microsoft released their quarterly Cumulative Updates for Exchange, Exchange 2016 CU18 and Exchange 2019 CU7. This was quickly followed by a security update, KB4581424 that addresses the CVE-2020-16969 Microsoft Exchange Information Disclosure vulnerability.

Unfortunately, the Exchange 2016 CU18 and Exchange 2019 CU7 contain a nasty bug. If you use OWA, open a shared mailbox and try to access an attachment, OWA redirects to Office 365 instead of the on-premises Exchange 2016/2019 server to download it. This happens in an hybrid environment, but also in a pure on-premises Exchange deployment without any Office 365 connection.

The error message reads:

Hmmm… can’t reach this page
It looks like the webpage at
https://outlook.office365.com/owa/sharedmailbox@contoso.com/services.svc/s/GetAttachmentDownloadToken?redirect=%2fowa%sharedmailbox%40contoso.com%fservices.svc%2fservices.svc%2fsGetFileAttachment….

Microsoft is aware of this issue and it will be fixed in the next Cumulative Updates for Exchange 2016 and Exchange 2019. Looking at the quarterly cadence this should be by the end of this year.

If you have a Microsoft Premier support contract and this is an issue that impacts your business you can open a support ticket and request a fix for this. This service is available for Premier support customers only.

This fix is a replacement for the KB4581424 security update, as such it contains all the fixes in KB4581424, plus the OWA Attachment hotfix. If you are a Premier support customer and do have this fix available, make sure that you uninstall the KB4581424 first before installing this update.
One workaround that I’ve seen in a newsgroup is not to open the Shared Mailbox as “Open another mailbox” but as “Add shared folder”. This should work also, but I have not tested it. I do have a customer with a Premier support contract, I can confirm the problem is fixed in the interim update.

create Shared Mailbox in Exchange Hybrid

Every now and then I get a question regarding creation of Room- or Shared Mailboxes in Office 365 when Exchange Hybrid is in place.There are multiple solutions available, but at the same time there are some restrictions as well. In this blog post I’ll discuss Room Mailboxes, Equipment Mailboxes and Shared Mailboxes.

Room Mailbox

To create a room Mailbox in your hybrid environment create a user account for this room mailbox first. In this example I’m going to create a Room Mailbox called ‘conference room 1st floor’ and have it created directly in Office 365 (for your information, I’ve tested this with Exchange 2010 hybrid as well as Exchange 2016 hybrid).

image

To create the Mailbox in Exchange Online, you can use the Enable-RemoteMailbox cmdlet in Exchange PowerShell. This will mail-enable the account in your on-premises environment and will automatically create a mailbox in Exchange Online the next time Azure AD Connect runs. For the Enable-RemoteMailbox cmdlet you need to use the -RemoteRoutingAddress (which should point to the Mailbox in Exchange Online) and for a Room Mailbox you have to use the -Room option. If you want to create a Shared Mailbox you can use the -Shared option, the result will be the same.

To create the Room Mailbox in Exchange Online we can use the following command:

Get-User -Identity Conference1 | Enable-RemoteMailbox -Room -RemoteRoutingAddress conference1@inframan.mail.onmicrosoft.com

image

When Azure AD Connect has run, the account has been provisioned in Azure AD and the Room Mailbox has been created. It is visible in Exchange Online EAC and permissions can be granted to other users can manage the Room Mailbox.

image

Resource (Equipment) Mailbox

To create a Resource (aka Equipment) Mailbox the process is very similar. First create a user account for the Equipment Mailbox in Active Directory and fill the appropriate attributes, like this:

av

To create the Equipment Mailbox directly in Exchange Online, execute the following in PowerShell (on your on-premises Exchange server):

Get-User -Identity AVEquipment | Enable-RemoteMailbox -Equipment
-RemoteRoutingAddress avequipment@inframan.mail.onmicrosoft.com

equipment

Again, when Azure AD Connect has run, the account is provisioned in Azure AD and the Mailbox is created in Exchange Online:

mbx

Shared Mailboxes

Createing Shared Mailboxes is a bit problematic, after all these years there’s still no option like -Shared when using the Enable-RemoteMailbox cmdlet in Exchange PowerShell so we have to figure out another way to create a Shared Mailbox in Exchange Online when using Azure AD Connect and a Hybrid environment.

<more to come soon>

 

MessageCopyForSentAsEnabled and MessageCopyForSendOnBehalfEnabled not available in CU9

You have Exchange 2013 CU9 running in your environment and you want to configure the option to store sent messages in the shared Mailbox instead of the user’s mailbox as described in my blogpost Exchange 2013, Shared Mailbox and Sent Items.

But when you open the Exchange Management Shell and try to change the Mailbox settings using the Set-Mailbox cmdlet, the options -MessageCopyForSentAsEnabled and -MessageCopyForSendOnBehalfEnabled are not available.

To solve this you can run the setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms command from the CU9 installation media.

But why wasn’t this run during installation of Exchange 2013 CU9 in the first place?

You might expect that when running the setup application (either using the GUI or using setup.exe /mode:upgrade) that the upgrade of the Active Directory Configuration partition automatically takes place.

However, this is not always the case. It turns out that when there are no Schema changes during the upgrade process, which is the case when upgrading from Exchange 2013 CU7 or CU8 to Exchange 2013 CU9, the preparation of the Configuration Partition in Active Directory is automatically skipped by the setup application.

This is a bit annoying and nothing will break (except the fact you’re missing some new functionality) and can be solved by running the Setup.exe /PrepareAD later on.

Exchange 2013, Shared Mailbox and Sent Items

When users are using shared mailboxes and send email messages out of this Mailbox, you want these messages to be stored in the shared Mailbox. This was already possible in Exchange 2010, but only starting in CU9 this is possible in Exchange 2013 as well.

It is a setting on the shared Mailbox and has to be set using the Exchange Management Shell and works for shared Mailboxes where both the Sent As permissions and Sent on Behalf of permissions are granted.

For shared Mailboxes with the Sent As permissions use the following command:

Set-Mailbox <mailbox> -MessageCopyForSentAsEnabled $True

For shared Mailboxes with the Sent On Behalf of permissions use the following command:

Set-Mailbox <mailbox> -MessageCopyForSendOnBehalfEnabled $True

image

When testing with Outlook (2013 in this case) and a shared Mailbox where Full Access and Sent As permissions are granted the email message that was sent is stored in the shared Mailbox.

image

A couple of remarks:

  • The email message is stored in the shared Mailbox, but a copy is stored in the user’s Mailbox as well.
  • This feature was already available in Office 365 (and can be set using Remote PowerShell).
  • If the –MessageCopyForSentAsEnabled and the –MessageCopyForSendOnBehalfEnabled are not available you should run the Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms in your environment to make the appropriate changes in the AD’s Configuration partition.

Shared Mailboxes in Office 365

In Exchange 2013 there are regular Mailboxes and there are Shared Mailboxes. The latter are user independent Mailboxes and have common email addresses, for example info@contoso.com or sales@contoso.com. These Mailboxes don’t have a specific user account but are mostly shared between a number of users.

The interesting part is that you don’t need a license to implement a Shared Mailbox (or a Resource Mailbox for that matter) but the users that access the Shared Mailbox need to be licensed though.

There used to be a 10 GB size limit on Shared and Resource Mailboxes, but this was changed recently (November 2014) and all Shared and Resource mailboxes are now restricted to 50GB, just as regular Mailboxes. You can check this on the Exchange Online Limits page on Technet.

Continue reading Shared Mailboxes in Office 365