Understanding Exchange Server 2003 Mailbox Access Delegation

  • Article

 

In the most common configuration of Microsoft Exchange Server 2003, each user has a single mailbox and each mailbox is owned by a single user (the mailbox owner). However, there are many circumstances where this arrangement is too simple. For example, consider the following:

  • A resource mailbox that represents a conference room, which all users must be able to access in some manner.

  • A mailbox for a manager who has an administrative assistant. The assistant must have access to certain folders in the mailbox, and may have to send mail or schedule appointments on behalf of the manager.

To satisfy these requirements, you can delegate mailbox access. A user who has been granted some level of access to another user's mailbox is referred to as the delegate. This chapter describes the different approaches you can use for granting such access. Although some of these approaches can be accomplished by Microsoft Office Outlook 2003 users, others require administrative configuration. There are several different levels at which you can grant a user access to another user's mailbox:

  • Using Outlook, a user can grant another user access to specific folders in their mailbox.

  • Using Outlook or Active Directory Users and Computers, a user or an administrator can give a user the ability to send mail on behalf of another user.

  • Using Active Directory Users and Computers, an administrator can give a user the ability to log on to a mailbox owned by another user (or a resource mailbox). An administrator can also give a user the ability to send mail as another user.

  • Using Active Directory Users and Computers while running Exchange Server 2003 in a mixed Exchange Server 2003 and Microsoft Exchange Server version 5.5 topology, an administrator can give a user from a Microsoft Windows NT Server 4.0 domain the ability to log on to a mailbox owned by another user or to send mail on behalf of another user.

Important

Be careful when you modify permissions. An unscrupulous user with permissions to other users' mailboxes could cause damage to the mailboxes or their contents.

The primary reason for the complexity of delegate access is the way Exchange Server 2003 controls access to mailboxes and items in those mailboxes. Logging on to a mailbox and accessing a folder in a mailbox are independent operations, and Exchange Server 2003 controls them separately. For more detailed information about how Exchange Server 2003 controls access to mailboxes, see Working with Store Permissions in Microsoft Exchange 2000 and 2003.