I'm new to Active Directory and Exchange Server 2013. I'm looking for a way to simplify shared accounts in Exchange. At the moment, whenever we get a new user who wants access to a shared email account we have to manually add them in Exchange 2013. Then, when the user leaves our company we have to remove them from both Active Directory and the shared email in Exchange.
It would be nice to make the shared account in Exchange 2013 and simply add them to that shared account in Active Directory. That way when we remove them from Active Directory when they leave, they will automatically be removed from the shared account. Here's what I've tried so far.
Created a shared account named "TestZach" in Exchange admin center 2013 and selected the location to store it our OU named "Shared Accounts" in ADUC
Went to ADUC and created a Universal Security Group named "Test" in the "Shared Accounts" OU
On our exchange server started Exchange Management Shell and ran this command: "Enable-DistributionGroup -Identity Test" in order to mail enable my universal security group in Exchange 2013.
Added the Universal group "Test" as member of owner in Exchange admin center
Added myself and my boss to be members of the "Test" Universal Security Group in ADUC
At this point I expected to see the inbox "TestZach" show up in Outlook 2013 but no such luck even after waiting overnight with a restart. I did a bit more research and found that I may need to add permissions to "TestZach" through the Exchange Management Shell in our exchange server. So I added the following step
Ran command "Add-MailboxPermission -id TestZach -User Test -AccessRights Fullaccess" in Exchange Management Shell to give the Test Security group full access to mailbox TestZach.
However it still hasn't seemed to work as TestZach still isn't showing up in Outlook 2013.
I realize I may be attempting something that doesn't work in Exchange 2013 or I may be going about it all wrong.
Your approach to create a Shared Mailbox (disabled taskuser & Active Directory group) is quite common, because you can grant somebody rights to manage the access group, but that user do not need Exchange Admin rights.
However (as mentioned in my comment) the "auto map" function works only if the user is directly added to the mailbox. It isnĀ“t working when you are using groups (see: it is important to understand that this auto-mapping process does not work if the Full Access Permission is assigned via membership of a group.).