Microsoft Exchange mailbox permission: Full access
Further configuration of mailbox permissions is required in the synchronization project. For more information, see Customizing synchronization projects for mailbox permissions.
The Full Access mailbox permission allows a user to log in to a mailbox and view and edit the contents of the mailbox. Mailbox permissions for sending notifications from this mailbox must be granted separately.
To customize send permissions for mailboxes
-
In the Manager, select the Active Directory > Mailboxes category.
-
Select a mailbox in the result list.
-
Select the Assign full access permissions task.
-
Select the table which contains the user from the menu at the top of the form. You have the following options:
-
In the Add assignments pane, assign users.
TIP: In the Remove assignments pane, you can remove assigned users.
To remove an assignment
-
Save the changes.
Related topics
Assigning extended properties to Microsoft Exchange mailbox
Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas that cannot be mapped directly in One Identity Manager.
To specify extended properties for a mailbox
-
In the Manager, select the Active Directory > Mailboxes category.
-
Select a mailbox in the result list.
-
Select Assign extended properties.
-
In the Add assignments pane, assign extended properties.
TIP: In the Remove assignments pane, you can remove assigned extended properties.
To remove an assignment
- Save the changes.
For more information about using extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.
Microsoft Exchange deactivating mailboxes
How you deactivate mailboxes depends on the type of mailbox administration. When you deactivate a mailbox, the Do not display in address list option is enabled and the mailbox is no longer shown in address books.
Scenario:
Mailboxes are managed through account definitions.
Mailboxes managed through account definitions are disabled when the employee is temporarily or permanently disabled. The behavior depends on the mailbox's manage level. Mailboxes with the Full managed manage level are deactivated depending on the account definition settings. Use the EXOMailbox.IsLocked column to configure the behavior for mailboxes with another manage level.
Scenario:
Mailboxes are not managed through account definitions.
The behavior depends on the QER | Person | TemporaryDeactivation configuration parameter.
-
If the configuration parameter is set, mailboxes for an employee are disabled if the employee is temporarily or permanently disabled.
-
If the configuration parameter is not set, the employee data does not have any effect on the linked mailboxes.
To lock a mailbox when the configuration parameter is not set
-
In the Manager, select the Active Directory > Mailboxes category.
-
Select a mailbox in the result list.
-
Select the Change main data task.
-
Set the Mailbox is disabled option on the General tab.
- Save the changes.
Scenario:
Mailboxes not linked to employees.
To lock a mailbox, which is not linked to an employee
-
In the Manager, select the Active Directory > Mailboxes category.
-
Select a mailbox in the result list.
-
Select the Change main data task.
-
Set Mailbox is disabled on the General tab.
- Save the changes.
Related topics
Deleting and restoring Microsoft Exchange mailboxes
NOTE: As long as an account definition for an employee is valid, the employee retains the mailbox that was created by it. If the account definition assignment is removed, the mailbox created through this account definition, is deleted.
To delete a mailbox
-
In the Manager, select the Active Directory > Mailboxes category.
-
Select a mailbox in the result list.
-
Click in the result list.
- Confirm the security prompt with Yes.
To restore a mailbox
-
In the Manager, select the Active Directory > Mailboxes category.
-
Select a mailbox in the result list.
-
Click in the result list.
When you delete a mailbox, the Do not display in address lists option is enabled and the mailbox is no longer shown in address books. The settings Use default database values, Max. send size [KB], Max. receiving size [KB], Prohibit transfer above [KB], and Prohibit send at [KB] are reset, so that no email messages can be sent or received with this mailbox.
Configuring deferred deletion
By default, mailboxes are finally deleted from the database after 30 days. During this period you have the option to reactivate the mailboxes. A restore is not possible once deferred deletion has expired.
In the Designer, you can set an alternative delay on the EX0MailContact table. For more information on configuring the deferred deletion, refer to the One Identity Manager Configuration Guide.
Related topics