While doing an audit of mailboxes in our Exchange environment, I came across a ton of User Mailboxes (well over 100) that had Full Access rights assigned and each mailbox was being shared among several users. This probably occurred during the 2003-2010 migration a while back.
The problem with that is, a User Mailbox is associated with an enabled AD account, which can cause major security headaches. We need to convert those User Mailboxes to Shared Mailboxes (which has a disabled AD account), but we need to do it in bulk since there are a bunch.
A search around the internet only yields how to do a mass conversion in O365, but since this is Exchange on-premise, those won't work. Luckily, PowerShell makes it easy!
First, save a list of the aliases of the mailboxes that you're going to convert, into a .txt file.
Put that .txt file in your desired location like C:\ToBeConverted.txt
Then, fire up the Exchange Management Shell (EMS) and run:
Get-Content C:\ToBeConverted.txt | Set-Mailbox -Type Shared
Now, your "shared" User Mailboxes will all be actual Shared Mailboxes, and your security team will rest easy
Microsoft Enterprise Messaging tips, tricks, and general help.
No comments:
Post a Comment