Mimecast Synchronization Engine: Mailbox Permission Synchronization

Document created by user.oxriBv5dM7 Expert on Oct 4, 2017. Last modified by user.Yo2IBgvWqr on Oct 18, 2017.
Version 7

This guide describes the steps required to implement and monitor Mailbox Permission Synchronization. Mailbox Permission Synchronization provides one-way synchronization of the Full Access mailbox permission in Exchange, or Office 365, to the Delegate Mailbox Access permission on Mimecast Archive mailboxes. This feature removes the need to manage Delegate Mailbox Access by spreadsheet import or on an archive-mailbox-by-archive-mailbox basis. See the Configuring Delegate Mailbox Access article for more information.

This feature is currently only available through a closed Beta.

Installing Mimecast Synchronization Engine

 

Installing / Updating the Mimecast Synchronization Engine

 

To install / update the Mimecast Synchronization Engine:

  1. Ensure your environment meets the requirements outlined in the Mimecast Synchronization Engine Requirements page.
  2. Install Mimecast Synchronization Engine 4.1 or later, as outlined in the Installing / Upgrading the Mimecast Synchronization Engine page.
    The latest Mimecast Synchronization Engine version is available from the Application Downloads space.

Preparing Your Microsoft Mailbox

 

Ensure the following is configured to prepare your Microsoft Mailbox:

  • The Mimecast Synchronization Engine requires a standard user mailbox with elevated permissions to user mailboxes in your organization. This mailbox is referred to as the Microsoft Mailbox, and requires impersonation rights in order to access user mailboxes.
  • Configure impersonation for your version of Exchange / Office 365. See the Configuring Application Impersonation page for full details.

 

Configuring / Binding Your Mimecast Synchronization Engine Site

 

Use the Mimecast Site Configuration utility to configure your installation to:

  • Specify the Microsoft Mailbox to be used.
  • Optionally set any custom connection settings, if you're using a proxy server.
  • Bind your installation to the Mimecast platform and configure scheduled tasks.

 

See the Configuring a Mimecast Synchronization Engine Site page for more details.

 

Creating Schedules and Scheduled Tasks

 

Creating a Scheduled Task

 

A schedule is configured in the Administration Console and defines how frequently a task is executed. See the Mimecast Synchronization Engine Schedules page for more details. Tasks are also configured in the Administration Console; a task is where you create a definition and schedule to be applied to a group of users. See the Mimecast Synchronization Engine: Exchange Tasks page for full details. Groups can be any of the following:

  • Selected from a list of groups synchronized from your organization's Active Directory.
  • Entered as a full DN describing an Active Directory group.
  • Entered as the email address of an Exchange distribution group.

 

When creating your scheduled task:

  1. Select a Task Type of "Mailbox Permission Sync".
  2. Enter a Description in the text box that displays when you select this option.

 

You can view the status of your scheduled task in the Administration Console. See the Monitoring Exchange Tasks page for full details. Once your scheduled task has successfully synchronized mailbox permissions, you can view the results using the Administration Console or any of our end user applications (e.g. Mimecast Personal Portal or Mimecast for Outlook).

 

Using the Administration Console


To view which mailboxes a given user has delegate access to:

  1. Log on to the Administration Console.
    Administrators must have the Super Administrator role. Users with lesser permissions will not see the delegate access dialogs.
  2. Click on the Administration toolbar menu item.
  3. Click on the Directories | Internal Directories menu item. A list of internal domains is displayed.
  4. Click on the Domain of the user you would like to check. A list of email addresses for the internal domain is displayed.
  5. Click on the Email Address of the user you would like to check.
  6. Click on the Add Delegate Mailboxes button on the user settings page. The delegate mailbox page is displayed. The "Source" column displays which process / application granted the delegate access.

 

Using End User Applications

 

 

Troubleshooting

 

If a scheduled task's status is Error, check that your Microsoft Mailbox has the correct permissions. You can do this using PowerShell by following the steps below for your version of Exchange.

If the cmdlet in the steps below doesn't complete successfully, take steps to resolve the issue. The Mailbox Permission Sync feature uses this cmdlet programmatically, so as long as it executes successfully, the scheduled task should also.

If you need to make changes to the permissions for the Microsoft Mailbox, you must restart the Mimecast Synchronization Engine service for the changes to be applied to the scheduled task.

Office 365

 

To check your permissions in Office 365:

  1. Open a PowerShell window.
  2. Run the following command to connect to Office 365:
    $session = New-PSSession -ConnectionUri 'https://ps.outlook.com/powershell' -ConfigurationName Microsoft.Exchange -Credential (Get-Credential) -AllowRedirection -Authentication Basic

  3. Use the Microsoft Mailbox credentials in the pop-up dialog.

  4. Import the new PowerShell session using the following command:
    Import-PSSession $session

  5. Check that the Get-MailboxPermission cmdlet completes successfully using the following command (where "a_user" is the user name of a user in your organization):

    Get-MailboxPermission -Identity a_user

 

Exchange On-Premises

 

To check your permissions in Exchange On-Premises:

  1. Log on to an Exchange Server as the Microsoft Mailbox.
  2. Open the Exchange Management Shell.
  3. Check that the Get-MailboxPermission cmdlet completes successfully by using the following command (where "a_user" is the user name of a user in your organization):
    Get-MailboxPermission -Identity a_user
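
Full Access grants on the mailboxes in a task's group are what the sync turns into Delegate Mailbox Access on the archive, so it is worth reviewing them with the same cmdlet before the task runs. The script below is an added example, not Mimecast's code. It assumes an Exchange session is already open; the group address, the output path and the choice to skip inherited, Deny and NT AUTHORITY entries are assumptions, not documented product behaviour.

```powershell
# Added example (not Mimecast code): list Full Access grants for the mailboxes
# in the group that a "Mailbox Permission Sync" task is applied to.
# Assumes an Exchange session is already open (Exchange Management Shell, or
# the session imported in the Office 365 steps above).
param(
    [string]$TaskGroup = 'archive-sync@example.com',  # placeholder group address
    [string]$OutFile   = '.\fullaccess-review.csv'    # placeholder output path
)

# Make cmdlet failures catchable, including those from an imported session.
$ErrorActionPreference = 'Stop'

$members = Get-DistributionGroupMember -Identity $TaskGroup -ResultSize Unlimited |
    Where-Object { $_.RecipientType -eq 'UserMailbox' }

$report = foreach ($m in $members) {
    $mailbox = "$($m.PrimarySmtpAddress)"
    try {
        $perms = Get-MailboxPermission -Identity $mailbox -ErrorAction Stop
    }
    catch {
        # This is the call the troubleshooting steps ask you to verify.
        [pscustomobject]@{ Mailbox = $mailbox; Delegate = ''; Status = "ERROR: $($_.Exception.Message)" }
        continue
    }
    # Assumption: only allowed, non-inherited grants to real accounts are of interest.
    $perms |
        Where-Object {
            "$($_.AccessRights)" -match 'FullAccess' -and
            -not $_.Deny -and
            -not $_.IsInherited -and
            "$($_.User)" -notlike 'NT AUTHORITY\*'
        } |
        ForEach-Object {
            [pscustomobject]@{ Mailbox = $mailbox; Delegate = "$($_.User)"; Status = 'FullAccess' }
        }
}

$report | Export-Csv -Path $OutFile -NoTypeInformation

# Mailboxes with the most delegates are the ones to review first.
$report | Where-Object Status -eq 'FullAccess' |
    Group-Object Mailbox | Sort-Object Count -Descending |
    Select-Object Count, Name

# Any row here means the permissions of that mailbox could not be read.
$report | Where-Object Status -like 'ERROR*' | Select-Object Mailbox, Status
```

Comparing the CSV with the "Source" column on the delegate mailbox page after the first successful run shows which archive delegations came from the sync.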
