Managing Shared Mailboxes in Exchange 2007

Exchange 2007 introduces a new way of handling shared mailboxes. You can now create the mailbox through Exchange, which in turn creates an inactive (disabled) user account in Active Directory. This encourages people to manage the accounts by delegating access, rather than allowing people to have the password for the Active Directory user account.

By making users connect to the shared mailbox with their own user name, you will be able to provide the appropriate security for each user.

As with most Exchange 2007 tasks, managing shared mailboxes requires you to be familiar and comfortable with the Exchange Management Shell and PowerShell.

Converting a standard mailbox to a shared mailbox

To convert a standard mailbox to a shared mailbox, the following PowerShell command can be used in the Exchange Management Shell:

[PS] C:\>Set-Mailbox itsupport -Type:Shared

Creating a shared mailbox

To create a shared mailbox, you simply need to add -Shared to the standard PowerShell command for standard mailboxes.

This command will create an Active Directory user account in the ‘Exchange Resources’ organisational unit; this account is used to make the link to the mailbox. It will be disabled and have no password.

[PS] C:\>New-Mailbox -Name:'IT Support' -OrganizationalUnit:'Domain.com/Exchange Resources' -Database:'Mailbox Database' -UserPrincipalName:'[email protected]' -Shared

Converting a shared mailbox to a standard mailbox

[PS] C:\>Set-Mailbox itsupport -Type:Regular

Assigning permissions to a shared mailbox

Since a shared mailbox is designed to be used by multiple people, I suggest that you create an Active Directory security group to manage the access. For the example I have used a group called ‘IT Support Group’.

[PS] C:\>Add-MailboxPermission itsupport -User:'IT Support Group' -AccessRights:FullAccess

If you also require users to ‘send as’ the shared account, the following command can be used:

[PS] C:\>Add-ADPermission itsupport -User:'IT Support Group' -ExtendedRights:Send-As -AccessRights:ReadProperty,WriteProperty -Properties:'Personal Information'
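
To check the result of the steps above, the following audit script (an added example, not part of the original article) confirms that the linked Active Directory account is disabled and lists every explicit FullAccess and Send-As grant, flagging any that are not held through the security group. It uses the article's sample names 'itsupport' and 'IT Support Group', and assumes Get-User reports the account flags in its UserAccountControl property.

```powershell
# Added example: audit one shared mailbox from the Exchange Management Shell.
# $Mailbox and $ExpectedGroup are the sample names used in this article.
$Mailbox       = 'itsupport'
$ExpectedGroup = 'IT Support Group'

# 1. The linked AD account should be disabled, so nobody can log on as it.
$user = Get-User $Mailbox
if ($user.UserAccountControl -match 'AccountDisabled') {
    Write-Host "OK: the AD account behind '$Mailbox' is disabled."
} else {
    Write-Warning "The AD account behind '$Mailbox' is enabled; check for a shared password."
}

# 2. Explicit (non-inherited) FullAccess grants on the mailbox.
$fullAccess = @(Get-MailboxPermission $Mailbox | Where-Object {
    -not $_.IsInherited -and -not $_.Deny -and
    ($_.AccessRights -match 'FullAccess') -and
    ($_.User.ToString() -ne 'NT AUTHORITY\SELF')
})

# 3. Explicit Send-As grants on the AD object that owns the mailbox.
$sendAs = @(Get-ADPermission $user.DistinguishedName | Where-Object {
    -not $_.IsInherited -and -not $_.Deny -and
    ($_.ExtendedRights -match 'Send-As') -and
    ($_.User.ToString() -ne 'NT AUTHORITY\SELF')
})

# 4. One row per grant; anything not held through the expected group needs review.
$report = @()
foreach ($p in $fullAccess) {
    $report += $p | Select-Object @{Name='Right'; Expression={'FullAccess'}},
                                  @{Name='Grantee'; Expression={$_.User.ToString()}}
}
foreach ($p in $sendAs) {
    $report += $p | Select-Object @{Name='Right'; Expression={'Send-As'}},
                                  @{Name='Grantee'; Expression={$_.User.ToString()}}
}
$report | Format-Table -AutoSize

$unexpected = @($report | Where-Object { $_.Grantee -notlike "*\$ExpectedGroup" })
if ($unexpected.Count -gt 0) {
    Write-Warning "$($unexpected.Count) grant(s) are not held through '$ExpectedGroup':"
    $unexpected | ForEach-Object { Write-Warning "  $($_.Right) -> $($_.Grantee)" }
}
```

Grants made directly to individual accounts show up in the warning list, which makes it easy to move them into the group so that access is removed when group membership changes.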