Sharing Is Not ALWAYS Caring

This post is a bit narrower in scope than my others but I think the solution is too cool not to share so here goes…


Office 365 has a very helpful (no sarcasm) feature which auto-maps mailboxes for Outlook users if said user has Full Access permissions to the mailbox. For example, if Norma in accounting has full access to the Accounting shared mailbox then it will automatically appear in her Outlook without her having to follow this process (The Old Way). If Norma’s assistant, George, is granted full access to her mailbox then it will automatically show up in his Outlook without any additional work done on his end. Auto-mapping is a cool feature that saves Office 365 admins a lot of work but it has a couple limitations.


The first issue with auto-mapping is that mailboxes mapped through this feature cannot be unmapped by the end user in Outlook or by the Office 365 admin in the Office 365 Exchange Admin Console UNLESS the user’s permissions are removed from the mailbox. If you have Full Access permissions to dozens of mailboxes this can annoying because they will all show on the left side of Outlook. This annoying UI clutter in Outlook wouldn’t be so dire if not for the second limitation of auto-mapping.


Outlook has never been accused of be blazing fast but the later versions have improved performance drastically, unless Office 365 auto-mapping has blessed you with a handful of mailboxes. Microsoft is aware that Outlook slows down drastically if multiple mailboxes are mapped. The solution is simple, remove the permissions on the mailbox for the user with a Outlook performance issues and then re-map it in PowerShell with the -AutoMapping:$false switch. This solution is easy enough unless you are in a situation where you need to perform these steps for 10 users across 12 mailboxes and you aren’t positive on which 12 mailboxes each user needs to be modified on. Suddenly you’re staring down the barrel of making 200+ changes manually. Until now!


After connecting PowerShell to Microsoft Online we’re ready to use the script below. Simply swap John Smith for the Display Name of the user with Outlook performance issues and the script will go out and find all mailboxes where the user has Full Access permissions. For each mailbox found the script will then remove permissions and re-add them back but without enabling auto-mapping. The result? After the standard 15 minute wait period, AutoDiscover will remove the mailboxes from the user’s Outlook client. Since the user still has Full Access permissions they’ll be able to attach / detach mailboxes as they need them.


$user = "John Smith"

$mailboxes = Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | Where-Object {$_.AccessRights -match "FullAccess" -and $_.User -eq $user}

foreach ($mailbox in $mailboxes)

{

$identity = $mailbox.Identity

Remove-MailboxPermission -Identity $identity -User $user -AccessRights FullAccess -Confirm:$false

Add-MailboxPermission -Identity $identity -User $user -AccessRights FullAccess -AutoMapping:$false

}


Since this requires scanning each mailbox in your tenant for permissions I would advise that you only use it when you have a user complaining that Outlook is slow and you notice they have a large # of mailboxes open. If you tried running this for a large tenant you’ll get cut off by the PowerShell police. Or so a friend told me.


Comments go below, love letters, topic suggestions, and thoughts on Demi Lovato’s body image issues to nate@Get-MSOL.com


#office365 #powershell #o365 #exchangeonline

Featured Posts
Recent Posts
Search By Tags
No tags yet.
Connect