19,166 views
Exchange 2007 : Resource Room Mailboxes
Scenario : You have an AD account domain, that holds user accounts used to log on to the network/Outlook, and you have a dedicated Exchange 2007 resource forest, that holds the Exchange infrastructure, (linked) mailboxes, etc. Accounts in the account domain are synced from the account domain to disabled accounts in the Exchange forest (e.g. using IIFP). You can find more information on how to do this in this blog post
I will refer to the account domain as ACC (or acc.local) and to the Exchange forest as EXCH (or exch.local)
Some basic tasks I want to look at today are
- creating resource mailboxes
- granting access to the resource mailbox
- seting up delegates, autoprocessing of requests, etc
- managing properties of the resource mailbox
Creating Room Mailboxes
First of all, we’ll have to create the Resource Mailbox objects in the Exchange forest, because there is no such thing as a linked Resource Mailbox
This means that you may want to create a placeholder (OU) to host the resource mailbox AD objects. When the placeholder is created, this is how you can create the room mailbox, given the facts that
- the room will be called ROOM-Meetingroom1-City1
- the OU where the room needs to be stored at is ou=Resource Mailboxes,ou=Company,ou=exch,ou=local
Using powershell, this is how you can create the mailbox :
new-Mailbox -alias "room-meetingroom1-city1" -database "Mailbox Database" -name "room-meetingroom1-city1" -resourcetype room –userPrincipalName room-meetingroom1-city1@exch.local –OU "Resource Mailboxes/Company"
This will create a disabled account in the Exchange forest.
Grant access to the resource mailbox
Access to all mailboxes is based on actual useraccounts, not on entries in the Global Address List. So if you want to grant permissions to users, you cannot use the EMC running in the Exchange forest, because it can only display entries from it’s own domain (the Exchange Forest) and not from the actual account domains that hold the accounts used to access the mailboxes. Of course, the EMC would work if the user accounts and Exchange objects are in the same domain/forest, but since we have an account domain and an exchange forest, it won’t work.
We have to use powershell for this so we can specify the domain\useraccount the access is granted to.
Suppose you want to allow acc\john.doe and acc\jane.doe to have full access to the room resource mailbox, you’ll need to enter the following powershell commands :
Add-MailboxPermission -id "room-meetingroom1-city1" -AccessRights FullAccess -User "acc\john.doe" Add-MailboxPermission -id "room-meetingroom1-city1" -AccessRights FullAccess -User "acc\jane.doe"
If you want to allow “Send on behalf” permissions to the same two users, you need to use the following command :
Set-Mailbox -id "room-meetingroom1-city1" -GrantSendOnBehalfTo "John Doe","Jane Doe"
Add-ADPermission -id "room-meetingroom1-city1" -ExtendedRights Send-As -User "acc\john.doe" Add-ADPermission -id "room-meetingroom1-city1" -ExtendedRights Send-As -User "acc\jane.doe"
Set up autoprocessing and delegates
John and Jane Doe will be our two meetingroom managers. We want people to be able to book the resource, but either John or Jane need to get a notification email and must approve (or reject) the request before the resource gets booked
This is how this is done
First, set the delegates.
Set-MailboxCalendarSettings -id "room-meetingroom1-city1" -ResourceDelegates "John Doe","Jane Doe"
As you can see, you must specify all delegates at once, because the field is a multi-value field. So if you need to change the delegates afterwards, you’ll have to specify all of the delegates again. Furthermore, the users that are mentioned here are Exchange users, so you need to enter the Exchange display name, not the account domain user account.
In order to complete the setup of the autoprocessing and the whole process of getting notified and making sure the workflow is set up, take the following steps :
Logged on as acc\john.doe or acc\jane.doe, open OWA and open the mailbox of the meeting room.
In the upper right corner, click “Options”. In the left pane, open “Resource Settings”
Enable “Automatically process meeting requests” if you want auto-processing
Under Scheduling Permissions, set :
Schedule automatically if resource is available : set to “Select Users and Groups”, and don’t enter anything in the field. (this will make sure all requests need to be approved)
Submit a request for manual approval if the resource is available : set to “Everyone”
Schedule automatically if available and manual if unavailable : set to “Select Users and Groups” and don’t enter anything.
Make sure “Always forward to delegates” is enabled.
Save these changes. If you now try to book the meeting room, the two delegates should receive an email and they should be able to approve/decline the meeting request.
In addition to these settings, it may be a good idea to change the “maximum allowed minutes” setting under “Resource Scheduling Options”. If you want to allow people to book a meeting room for a meeting that lasts more than one day, you will need to increase the default value of 1440 minutes (1 day) to something else (e.g. 144000)
Managing other properties
After making the changes as explained above, the settings of a resource mailbox are :
Get-MailboxCalendarSettings –id “room-meetingroom1-city1” | FL
AutomateProcessing : AutoAccept AllowConflicts : False BookingWindowInDays : 180 MaximumDurationInMinutes : 144000 AllowRecurringMeetings : True EnforceSchedulingHorizon : True ScheduleOnlyDuringWorkHours : False ConflictPercentageAllowed : 0 MaximumConflictInstances : 0 ForwardRequestsToDelegates : True DeleteAttachments : True DeleteComments : True RemovePrivateProperty : True DeleteSubject : True DisableReminders : True AddOrganizerToSubject : True DeleteNonCalendarItems : True TentativePendingApproval : True EnableResponseDetails : True OrganizerInfo : True ResourceDelegates : {John Doe, Jane Doe} RequestOutOfPolicy : AllRequestOutOfPolicy : True BookInPolicy : AllBookInPolicy : True RequestInPolicy : AllRequestInPolicy : True AddAdditionalResponse : False AdditionalResponse : <DIV><FONT face=Tahoma size=2>FONT>DIV> RemoveOldMeetingMessages : True AddNewRequestsTentatively : True ProcessExternalMeetingMessages : False DefaultReminderTime : 15 RemoveForwardedMeetingNotifications : False Identity : exch.local/Company/Resource Mailboxes/room-meetingroom1-city1
Most of these properties are more or less self-explanatory, but one of the most interesting option is “Subject of meeting requests”. By default, when people in your organization start using the meeting room, the delegates/managers of the meeting room won’t see the subject of the meeting. In certain cases, this may be a problem for them in order to be able to properly manage the resource. You can make the subjects visible by ‘not removing’ the subjects.
Turn off “Subject of meeting requests” in OWA
or use powershell to disable the removal of the subject field :
set-mailboxCalendarSettings -id "room-meetingroom1-city1" -DeleteSubject $false
© 2009 – 2021, Peter Van Eeckhoutte (corelanc0d3r). All rights reserved.
Similar/Related posts:
Comments are closed.
Corelan Training
Check out our schedules page here and sign up for one of our classes now!
Donate
Your donation will help funding server hosting.
Corelan Team Merchandise
Corelan on Slack
You can chat with us and our friends on our Slack workspace: