Getting Started with Mailbox Permission Sync

Document created by user.zL0FB6L9lN Expert on Jul 27, 2017
Version 1Show Document
  • View in full screen mode

 

The Mailbox Permission Sync feature is configured in the Administration Console and requires the Mimecast Synchronization Engine to be installed on a server in your environment. This guide describes the steps required to implement and monitor this feature.

 

Implementation Steps

 

Install / Update the Mimecast Synchronization Engine

 

  1. Ensure that your environment meets the requirements for the Mimecast Synchronization.
  2. Mailbox Permission Sync is in a BETA stage and requires the latest 4.1 version of the Mimecast Synchronization Engine.

    Please download this software by clicking here.

  3. Install the application on a server in your environment. Learn more about the installation / upgrade process here.

 

Prepare your Microsoft Mailbox

 

  • The Mimecast Synchronization Engine uses a single mailbox with elevated permissions to access the mailboxes in your organization.
  • This is referred to as the Microsoft Mailbox.
  • The Microsoft Mailbox requires Impersonation permissions to access other mailboxes.

    IMPORTANT: The Microsoft Mailbox also needs the View-Only Recipients role for Mailbox Permission Sync feature.

  • Learn how to configure Impersonation for your version of Exchange  / Office 365 in the Configuring Application Impersonation article.

 

Configure and bind your Mimecast Synchronization Engine site

 

When configuring your installation you need to:

 

  • Add your Microsoft Mailbox.
  • Optionally set custom connection settings if you are using a proxy server.
  • Bind your installation to the Mimecast platform, so you can start configuring scheduled tasks.

 

These tasks are performed using the Mimecast Site Configure utility on your server. Learn more about these tasks in the Configuring a Mimecast Synchronization Engine Site guide.

 

Create a schedule

 

A schedule is configured in the Administration Console and is where you define when the Mailbox Folder Replication runs. Learn more about creating schedules in the Mimecast Synchronization Engine Schedules article.

 

Create a scheduled task

 

A scheduled task is configured in the Administration Console and is where your definition and schedule are applied to a group of users. Groups can either be:

 

  • Selected from a list of group synchronized from your organization's Active Directory.
  • Entered as a full DN describing an Active Directory group.
  • Entered as the email address of an Exchange distribution group.

 

Learn more about creating scheduled tasks in the Mimecast Synchronization Engine: Exchange Tasks article.

 

When creating your scheduled task select Mailbox Permission Sync as the task type and enter a Description in the text box that appears when you select this option.

 

 

Viewing scheduled task status

 

You can view the status of your scheduled task in the Administration Console. For more information on this process please see the Monitoring Exchange Tasks guide.

 

Viewing the results of Mailbox Permission Sync

 

Once your scheduled task has successfully synchronized mailbox permissions you can view the results using the Administration Console or any of our end user applications, for example the Mimecast Personal Portal or Mimecast for Outlook.

 

Using the Administration Console

 

To view which mailboxes a given user has delegate access to:

 

  1. Log in to the Administration Console as Super Administrator. (NOTE: Administrators with less permissions will not see the delegate access screens).
  2. Navigate to the Administration | Directories | Internal Directories page.
  3. Click the domain of the user you would like to check from the Internal Domains list.
  4. Click the email address of the user you would like to check from the email address list.
  5. Click the Add Delegate Mailboxes button on the user settings page. The delegate mailbox page is displayed.


     The Source column displays which process / application granted the delegate access.

 

Using end user applications

 

 

Troubleshooting

 

In the event that the Scheduled Task status is an Error please double check that your Microsoft Mailbox has the correct permissions. One way of doing this is using Powershell. Please see below for the steps to follow in Office 365 and on-premises versions of Exchange.

 

Office 365

 

  1. Open a Powershell window and run the following the command to connect to Office 365.

    $session = new-pssession -connectionuri 'https://ps.outlook.com/powershell' -configurationname microsoft.exchange -credential (get-credential) -AllowRedirection -Authentication Basic
    Import-PsSession $session


    Make sure to use the credentials of the Microsoft Mailbox in the credentials pop up box.

  2. Import the new Powershell session.

    Import-PsSession $session

     

  3. Check that the Get-MailboxPermissions cmdlet completes successfully.

    Get-MailboxPermissions -Identity a_user

    Where a_user is the user name of a user in your organization.

 

If the cmdlet does not complete successfully, take the steps required to resolve the issue. The Mailbox Permission Sync feature uses this cmdlet programmatically, therefore, as long as this executes successfully the scheduled task should also.

IMPORTANT:

 

In the event you need to make changes to the permissions for the Microsoft Mailbox you must restart Mimecast Synchronization Engine service for the changes to be applied to the scheduled task.

 

Exchange On-premises

 

  1. Log in to an Exchange Server as the Microsoft Mailbox.
  2. Open the Exchange management Shell
  3. Check that the Get-MailboxPermissions cmdlet completes successfully.

    Get-MailboxPermissions -Identity a_user

    Where a_user is the user name of a user in your organization.

If the cmdlet does not complete successfully, take the steps required to resolve the issue. The Mailbox Permission Sync feature uses this cmdlet programmatically, therefore, as long as this executes successfully the scheduled task should also.

 

IMPORTANT:

 

In the event you need to make changes to the permissions for the Microsoft Mailbox you must restart Mimecast Synchronization Engine service for the changes to be applied to the scheduled task.

Support during the Beta


All support for Betas undertaken through the Early Adopters Program is handled via the private Early Adopters group. Mimecast Service Delivery will not be able to provide direct support during this phase. Please start a new discussion in this group providing as much information regarding your issue as possible.

The group may also be used to share best practise or ask questions of your peers. We love to hear your feedback and look forward to engaging with you throughout this Beta!

Attachments

    Outcomes