Allow Users from Trusted Domain to access Shared Mailboxes

This cannot be done in the Exchange 2010 GUI, so here are the two Exchange PowerShell commands needed.

To add FullAccess rights for a trusted account:

[PS] C:\>Add-MailboxPermission -Identity <> -User <trusted_domain>\<user> -AccessRights FullAccess -InheritanceType All

To add "Send-As" rights, you will have to change the AD permissions for the account:

[PS] C:\>Add-ADPermission -Identity 'CN=Shared Mailbox Name,OU=users,DC=domain,DC=com' -User <trusted_domain>\<user> -ExtendedRights 'Send-As'

To be on the safe side, specify the shared mailbox in LDAP notation.
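To check what the two commands above actually granted, the following added example (not part of the original post) lists the explicit FullAccess and Send-As entries on a shared mailbox and marks the ones held by accounts outside the local domain. The function name Get-SharedMailboxGrant and its two parameters are hypothetical; it is meant to be run in the Exchange Management Shell.

```powershell
# Added example: list explicit FullAccess / Send-As grants on a shared mailbox.
# Get-SharedMailboxGrant, -Mailbox and -LocalDomain are hypothetical names.
function Get-SharedMailboxGrant {
    param(
        [Parameter(Mandatory = $true)][string]$Mailbox,      # alias, SMTP address or DN
        [Parameter(Mandatory = $true)][string]$LocalDomain   # NetBIOS name of the local domain
    )

    $mbx = Get-Mailbox -Identity $Mailbox -ErrorAction Stop

    # FullAccess is stored on the mailbox itself; skip inherited and Deny entries.
    $fullAccess = Get-MailboxPermission -Identity $mbx.Identity |
        Where-Object { ($_.AccessRights -like '*FullAccess*') -and
                       -not $_.IsInherited -and -not $_.Deny } |
        ForEach-Object { @{ Right = 'FullAccess'; User = $_.User.ToString() } }

    # Send-As is an extended right on the AD object, so query it by DN.
    $sendAs = Get-ADPermission -Identity $mbx.DistinguishedName |
        Where-Object { ($_.ExtendedRights -like '*Send-As*') -and
                       -not $_.IsInherited -and -not $_.Deny } |
        ForEach-Object { @{ Right = 'Send-As'; User = $_.User.ToString() } }

    foreach ($grant in @($fullAccess) + @($sendAs)) {
        # Built-in principals such as NT AUTHORITY\SELF are not trusted-domain accounts.
        if ($grant.User -like 'NT AUTHORITY\*' -or $grant.User -like 'BUILTIN\*') { continue }

        $domain = ($grant.User -split '\\')[0]
        New-Object PSObject -Property @{
            Mailbox           = $mbx.Name
            Right             = $grant.Right
            User              = $grant.User
            # True when the account name carries a domain prefix other than the local one.
            FromTrustedDomain = ($grant.User -like '*\*') -and ($domain -ne $LocalDomain)
        } | Select-Object Mailbox, Right, User, FromTrustedDomain
    }
}

# Usage (placeholder values):
# Get-SharedMailboxGrant -Mailbox '<shared mailbox>' -LocalDomain '<local_domain>' |
#     Sort-Object Right, User | Format-Table -AutoSize
```

Entries that show only a SID in the User column could not be resolved to an account name and are worth reviewing by hand.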

Convert “Normal” Mailbox to Linked Mailbox in Exchange 2010

A linked mailbox is a mailbox whose master user is in a trusted domain inside your domain forest, whereas a local mailbox belongs to a user in the local domain. If you want to convert a local mailbox to a linked mailbox, according to Microsoft, you will have to:

1) disable the Mailbox
2) convert and reattach the Mailbox

Unfortunately, this was not working for me and gave an error message that the mailbox could not be found in the given mailbox database.

Since Exchange 2010 SP1 this has been made easier (and faster) by providing a new CLI command to reassign a mailbox on-the-fly.

$cred = Get-Credential

You will be asked for a username and password. Here you will need a domain admin account in the trusted domain.

Set-User -Identity <oldusername> -LinkedDomainController <domain controller in trusted domain> -LinkedCredential $cred -LinkedMasterAccount <user in trusted domain>

<oldusername> is your user in the local domain and <user in trusted domain> is the user in the trusted domain (the new owner of the mailbox). The other two options should be self-explanatory.

You will notice a changed icon for the mailbox in the Exchange control panel, and the account in the local domain gets deactivated (as it is no longer used to authenticate a user). The account is still needed, though. All users will be prompted for a new username and password in Outlook, where they have to enter the username and password for their home domain.