Exchange Shared mailbox?

ajf · 21 Jul 2016 at 11:41

A quick question.
What is the difference between creating a full Shared Mailbox and just adding Full Access Permissions to a User Mailbox?

I can't immediately see benefits of one over the other, and we seem to use both here.
I need to give 2 users access to a new mailbox.

This is with Exchange 2010.

pwsymonds · 21 Jul 2016 at 15:06

My understanding is that its mostly to do with security concerns as opposed to technical differences. A shared mailbox is only associated to a disabled account.

you also don't need to worry about about the impact of the user associated with the user mailbox down the line. If a situation arises where that user needs to be removed from exchange for whatever reason, then you don't need any administrative work in dealing with said users "shared" mailbox.

I guess from an administrative point of view, and you easily wanted to see how many shared mailboxes are set up, its much easier to do than perhaps using powershell to see which users have full permission to which user mailboxes. (why you would query such a thing i don't know, but i guess you never know)

Generally i would always advise using the recommended practice and use a shared mailbox if its primary purpose is purely to give multiple users acces to the same mail account.

I also googled it and this too seems to touch on security reasons :
https://social.technet.microsoft.co...80b/shared-vs-user-mailbox?forum=exchange2010

EDIT: So to actually answer your question, No "technical" difference that i can think of.

Ploppy2k3 · 21 Jul 2016 at 15:53

A shared mailbox doesn't have an user account assigned to it. ie nobody owns it. a user mailbox is just that, owned by a user.

The benefit of a shared mailbox is that both users have their own "user mailbox" and have access to the "shared mailbox". AFAIK you cant actually log in to a shared mailbox and both work from it. You can create a "user mailbox" and have 2 people working from it but I wouldn't.

GDL · 21 Jul 2016 at 17:50

Shared Mailboxes don't take CAL's and as they are disabled AD Objects, you can't log onto a machine with one.

Ploppy2k3 · 21 Jul 2016 at 17:56

Shared Mailboxes don't take CAL's and as they are disabled AD Objects, you can't log onto a machine with one.

that's the phrase I was looking for :S

ajf · 21 Jul 2016 at 19:33

Thank you all for the advice, I will do it the correct way then and create a Shared Mailbox.
Time to dig out the shell commands - they don't make it easy do they!

GDL · 21 Jul 2016 at 22:40

Create it as a normal user and use the Set-Mailbox "nameofaccount" -type shared IIRC.
Convert a mailbox.

Liquidfox · 22 Jul 2016 at 02:24

GDL said:
Shared Mailboxes don't take CAL's

This is the main reason we use them.