A customer asked about a situation in which they’re unable to remove mailboxes from users’ Outlook profiles. In this case they were shared mailboxes and appeared in the left pane of Outlook. Although this case was for shared mailboxes, the cause and solution apply equally to user mailboxes. This can occur for on-premises Exchange Server and cloud-hosted mailboxes in Exchange Online.
In the Outlook account settings for the user, the shared mailbox does not appear as an additional mailbox.
The reason that the shared mailbox appears in Outlook, but does not appear in the Outlook account settings, is that auto-mapping is enabled by default when a user is granted access to a shared mailbox or to another user’s mailbox. When auto-mapping is enabled, Outlook receives extra information in the Autodiscover response that tells it to open the additional mailbox.
The auto-mapping option can only be configured at the time the permissions are granted. If you want to remove auto-mapping for a user’s access to a shared mailbox, then you must remove their mailbox permissions and then re-add the permissions again. Also, this will need to be performed using PowerShell, because the Exchange Admin Center doesn’t expose the option to enable or disable auto-mapping when configuring mailbox permissions.
To remove and re-add a user’s mailbox permissions using PowerShell, we can use the following steps. First, for an on-premises mailbox open the Exchange Management Shell, or for a cloud mailbox connect to Exchange Online.
Using the example from the screenshot above, the user in question is Adam Wally, and the shared mailbox is named ShareOnPremMailbox. Use Get-MailboxPermission to check that the permissions have been granted as mailbox permissions.
[PS] C:\>Get-MailboxPermission -Identity SharedOnPremMailbox -User Adam.Wally | fl RunspaceId : 1af8b9f0-d64e-4cb8-b8e1-e905c6923ed5 AccessRights : {FullAccess} Deny : False InheritanceType : All User : ESPNET\adam.wally Identity : exchangeserverpro.net/Company/Head Office/Shared/SharedOnPremMailbox IsInherited : False IsValid : True ObjectState : Unchanged
Next, use Remove-MailboxPermission to remove the mailbox permission for the user.
[PS] C:\>Remove-MailboxPermission -Identity SharedOnPremMailbox -User Adam.Wally -AccessRights FullAccess Confirm Are you sure you want to perform this action? Removing mailbox permission "SharedOnPremMailbox" for user "Adam.Wally" with access rights "'FullAccess'". [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): y
Finally, re-add the mailbox permission by running Add-MailboxPermission, this time using the -AutoMapping parameter to disable auto-mapping.
[PS] C:\>Add-MailboxPermission -Identity SharedOnPremMailbox -User Adam.Wally -AccessRights FullAccess -AutoMapping:$false
The change will not immediately be obvious to the end user, because there is a delay before their Outlook client picks up the change via Autodiscover. When Outlook receives the updated Autodiscover response, it will remove the auto-mapped mailbox from the user’s Outlook profile. If the user needs to access the mailbox for anything, they must add it to their profile, or open it via the Outlook File menu.
As a side note, there’s nothing in the Get-MailboxPermission output that will tell you whether a user who has access to a mailbox will be auto-mapped. However, for on-premises mailboxes you can query the Active Directory user object properties to determine who will be auto-mapped to a mailbox. The property that stores this information is named msExchDelegateListLink, and it can be queried using Get-ADUser. For example, to view the list of auto-mapped users for a mailbox named Payroll, we can run the following command.
[PS] C:\>Get-ADUser -Filter {Name -eq "payroll"} -Properties msExchDelegateListLink | Select -ExpandProperty msExchDelegateListLink CN=Bruce.Thillainayagam,OU=Users,OU=Head Office,OU=Company,DC=exchangeserverpro,DC=net CN=Alex.Heyne,OU=Users,OU=Branch Office,OU=Company,DC=exchangeserverpro,DC=net
I am unable to remove Ghost accounts in Outlook I do not have Exchange – just a 365 home user The Automapping caused about 8 Ghosts in the Outlook tree. I do not ‘share” these mailboxes with anyone. So any further assistance would be gratefully accepted
Excellent fix! I had an issue where several shared mailboxes and a user mailbox would not drop from my Outlook client after my mb account was removed from these same mailboxes in Exchange Online. From Exchange Online Powershell, running the command mention in the article “Add-MailboxPermission -Identity SharedOnPremMailbox user -name@domain.com -AccessRights FullAccess -AutoMapping:$false” succesfully granted me full access again. We then went to the Exchange Online Admin Console and deleted my account from the same mailboxes which then all dropped from my Outlook mail tree about 15 minutes later. Thank you for helping my clear up some year-old issues issue with my Outlook mailbox.
is there a fix for when you have 300 users, that need to dive in an out of shared mailed boxes frequently, anything that doesn’t require an admin to sit at all 200 user computers and over 100 remote user computers and do this one at time, every single time you want to share or remove a shared mailbox? really MS? it might work, on an individual basis, but it’s not a real solution for admins.
same issue we have, we stopped using shares because admins can’t be doing this every time the share changes, or someone needs added or removed, admins should be able to do everything from global, specially when you have remote uses, and 100s of users on premise, people using mobile apps etc. if you had to do this every time on each individual computer, sheesh lol. that’s all some admins would be doing.
The only way I’ve found for Outlook desktop is to delete the user’s email account from Outlook files. Restart and add it back in and voila, the boxes are all gone.
2023 and still no solutions to removing ‘Ghost’ users mailboxes from current Staff’s Outlook profiles. I have one manager that has 8 mailboxes below theirs in Outlook of staff who left the company over 5 years ago! It shouldn’t be this hard to remove them Microsoft 🙁
exactly, same here, I have mailbox’s in my outlook that no longer exist and some that do, but all permission have been removed, we’ve tried everything and there’s not seemly any way to remove them, and these newer 365 business apps constantly freezes up my whole computer, which is high powered, and can run any program with ease. this new outlook is terrible, it basically halted production our office so we had to remove it and strictly use the web app which is terrible. and now they’ve modeled the desktop version off that and its terrible. MS expects you to somehow retool your whole computer, did in to PowerShell and other things just get their product to work properly, then that breaks some other program you have running.
yea this work around only works if you have exchange on premise, powershell doesn’t do anything for 365 web.
I have a very similar issue that I believe is automapping related:
Person A shared their calendar with Person B via an email message, Person B has full access to Person A calendar but this isn’t reflected in Exchange, so this access cannot be seen by administrators, I have checked Exchange admin portal and PowerShell, both dont see these permissions despite Person B showing me they have full access.
How do I find out how many mailboxes in my tenant have these ghost permissions and also how do I remove access to a mailbox that Exchange believes is not there?
yea this work around only works if you have exchange on premise, PowerShell doesn’t do anything for 365 web.
Thank you, just tried this, will see what happens later. Asked the user to be just patient.
Still cannot get rid of ghost mailboxes (that were auto mapped) from a user Outlook, these mailboxes no longer exists, so cannot add/remove anything
Does anybody know what the equivalent is for the attribute msExchDelegateListBL in AzureAD?
There must be something in AzureAD to trigger auto-mapping but I can’t find it.
I still have the same issue with Exchange 2010, a deleted mailbox is stall appearing on a users Outlook profile. I am assuming it was added using the automap feature.
The question is with no AD/Exchange account to ADSIedit check/remove the links and no links in the user’s AD account attributes how do I delete the ghost mailbox on the side of the user profile?
Didn’t need to remove them, just running the Add-MailboxPermission with -AutoMapping:$false was enough to remove them from Outlook after some waiting.
It’s removed from outlook, yes, but you still need to remove permissions unless you want to still be a deleagate…
I am still shocked after all these many years, 10+ now, that there simply isn’t a reg key for the Outlook client to stop the automapping from it’s side.
I had to assign a single owner to all Shared Mailboxes for a exchange migration, the poor bastard now has over 300 additional mailboxes in his profile and crashing his outlook…
owned for sure. incorrect means owned
Adding mailbox permission with Automapping as false worked for me.
Hello I use onprimes Exchange 2016 and Office365 hybird .
shared mailbox – Exchange2016 on primes,
User Mail : Office365
ı want to shared mailboxes not add auto map, ı was run the bellow script
Add-MailboxPermission -Identity “11111” -User “asd” -AccessRights FullAccess -InheritanceType all –AutoMapping $False
But again add sharedmailbox auto user outlook client .
Incredibly stupid and unnecessary Feature (Bug). The Outlook Dev Team completely destroy Exchange Server. Gawd this is stupid. Auto-Mapping a mailbox to a profile because I have delegated full access.
Imagine an admin that has 300 mailbox delegations to archive mailboxes, Yup, now you get 300 additional mailboxes in your profile, worse after you remove the Full access permission. The auto mapped mailbox remains.
Gawd I despise the Outlook Dev Team.
I love the automap feature.
But also I can’t see a reason for an admin that you actively use to have access to 300 Mailboxes.
The problem here is not the automap, it is your strange permissions…
If it “automaps” when you grant permission, it should “auto un-map” when you remove the permission.
This is not a difficult topic to understand at all. It doesn’t matter if it is 3 mailboxes or 300, the automap behavior is useful, but poorly implemented.
I think it’s functionality of its time. When Outlook introduced automapping (2007 maybe?), it was to fix a problem. Most of the time people want access to a mailbox and don’t worry so much about removing permissions. So it is what it is. Not great but useful.
No, it is not useful, especially in an enterprise organiztion.
When you also add the permission to “SendAs” and you are in a hybrid configuration, it essentially breaks the process.
The choice to allow auto-mapping is fine. The inability to have that choice outside of powershell is an absolute nightmare for any enterprise environment,
Feel free to express your feelings to Microsoft. Commenting here is fine, but they won’t do anything to improve matters if they don’t understand the reasons why the current implementation causes problems for end users.
yea imagine now if you had to do this for 200 users on premise and 100 remote users, every time it need fixed lol.
has nothing to do with permissions in the end. the core problem is, when you add the permissions, the shared mail box is added, when you remove them, the shared mail box doesn’t go away, even if it’s deleted on the admin side, and anything we try, doesn’t fix make it go away. now all outlook does is freeze up my whole computer after a few mins. it’s ridiculous.
What if the mailboxes no longer exist and are gone from the soft delete ie no bringing them back? You can’t map something that doesn’t exist then you can’t unmap it either. There has got to be a local cache you can delete- because they don’t show in OWA, so we know the server isn’t holding onto the inboxes.
Thank you,
Ever find a solution to this?? I have several users with old non-existent mailboxes in Outlook I cant get rid of … recreated profiles, set them up on different PC’s, these zombie mailboxes are still there!
I have a similar issue, but my user(s) have Outlook showing mailboxes that are still active (a mix of users and shared), but they have no permission set. I used PS to check for each user, and that suggested no access to them.
This article suggests using AD; “the property that stores this information is named msExchDelegateListLink, and it can be queried using Get-ADUser”
For me, the users had nothing set here either.
I found another article with a similar issue, and have tried that. This is to use powershell to grant access back to the mailboxes (I assume you may have to recreate the zombie ones temporarily with the same aliases as before), wait a short time and then use powershell to remove the permissions. I’m waiting for the user(s) to confirm these mailboxes have now dropped out of Outlook… I will update once they confirm
this solution if it works, is a case by case solution, 365 admins that have hundreds of users, including remote uses, couldn’t realistically do this. admins need to be able to do everything globally. We use distribution groups instead of shared boxes now, till MS comes up with a real solution to this. you’ll save yourself hundreds of frustrating hours and angry users.
I too have this issue Office 365 and CtoR Outlook 2016.
Numerous users where the full access permissions have been removed but the mailbox name lingers as an object in Outlook which when clicked pop an error message (as expected) I am trying to see whether adding back with Full Access, with automapping disabled and then a day later removing the permission again will be effective. Unless anybody knows of a better way.
Remove auto mapping
—————————
1. Firstly run the below command in power shell:
Add-MailboxPermission -Identity -User -AccessRights FullAccess -AutoMapping:$false
Note:
In this command, represents the mailbox to which the user is granted permissions, and is the mailbox of the user from whom you want to remove full access permissions.
2. Then run the below command:
Remove-MailboxPermission -Identity -User -AccessRights FullAccess -InheritanceType All
3. Check after 1 hour in your outlook if mailboxes appear then close outlook and restart again.
Try these steps i think it will work.
—————————————–
thanks a lot for this, i added a mailbox once and removed it later and its still in my outlook
the mailbox is being used by someone else now
my question is can i just disable automapping for me only? without adding it again and without effecting the current user?
thanks
Any way to fix this if the delegates have been deleted for an extended amount of time..
I don’t see the permissions on the mailbox but the user outlook is still showing the additional no longer existing mailboxes. You would have thought that housekeeping would automatically handle this..
We have an old Exchange Manager who moved into another branch of management and has rights (auto-map turned on) to over 280 accounts. Is there a powershell script to remove auto-map from all accounts except your own? I am guessing something that would keep NT\Authority and NT\Self but remove all others.
NOTE: We are still on Exchange 2010 SP3 CU22
I have a rather odd issue where I have a user who had access to a number of mailboxes before moving to the cloud. Similar to your description, these do not show up under additional mailboxes. However, he has since transitioned to Office 365 and had his permissions for the mailboxes removed, yet the mailboxes remained in his Outlook.
I have verified there are no users listed in the mailboxes msExchDelegateListLink attribute in AD. I manually ran a Sync through the Synchronization Service Manager and restarted Outlook but the mailboxes are still showing up. Any thoughts?
I discovered that several of our mailboxes have an “orphaned” full access entry for the domain administrator in addition to that account’s inherited full access permissions. I would like to remove this rogue entry, but the process I have read about so far will not succeed so long as the administrator account has inherited permissions. What might a person cleverer than I recommend?
What method have you read?
I have removed delegation from several mailboxes for a user. The mailboxes are lingering. Any advice?
This worked very nicely for me thanks. Once I set auto-mapping to false within a few minutes I restarted Outlook and those pesky mailboxes were gone. If you need to remove access once the mailboxes are removed then revoke the access after they are gone.
Often, we’re finding that AFTER removing access to a mailbox, the mailbox is still staying automapped on a client Outlook.
We want to remove this mailbox from the client’s Outlook when they no longer need access to it.
The command that is repeatedly touted is to GIVE “Full Access”, but turn off automapping.
But, at least in our situation, we don’t want any access granted to the other mailbox anymore.
So is the missing step to go ahead & remove the access once sync has taken place?
Or is there a different command to remove the access and the automapping?
We have a lot of users that have these lingering mailboxes added to their Outlook that need to go away – and they currently show as NOT having any access granted to them…
*For what its worth – we’re in a hybrid 2010 / EXO environment. And this doesn’t always occur. Plenty of times we provided Full Access to a user for a period of time, and then remove the access, and the automapped mailbox goes away as it should.
This is the way I do it (go back and remove full access) and the only way I’ve seen to handle it. If I don’t feel like waiting for autodiscover to pickup the automapping change, I will make the user close/re-open Outlook. Within a minute or two of that, the mailbox will be removed since the autodiscover check occurs right away.
Hey Evan,
That doesnt work. I have a user with an ex-employee’s mailbox on her Outlook, has not had Full access for about a year now, and I have even uninstalled and reinstalled Outlook and its still there.
Just wanted to check in and see if there has been any updates to removing automapping? I currently have access to over 70 work mailboxes which I only need to access on occassion and couple of those on a daily basis. On my MAC at work I have been able to load only the accounts I use most often and the Office 365 to log in to the other accounts. However, when I was adding my Outlook account to my personal laptop it automapped 70+ mailboxes which freezes up Outlook and makes it a nonfunctioning program that I cannot use, change or delete. I do not have the capacity to remove permissions and then re-add them individually. Any other suggestions to remove the automapping function. Is there a reason this works differently on a Mac versus laptop running Windows 10?
The Real Person!
The Real Person!
Outlook on Mac doesn’t handle auto-mapping the same way as Outlook on Windows.
There’s been no changes to auto-mapping behaviour. If you don’t want the mailboxes auto-mapped, the procedure to remove and readd the permissions is still the way to do it.
It works ok.
Thanks a lot for your contribution!!!
Hi Paul, I always advise admins against automapping as it adds an Additional Mailbox in Outlook which then gets cached in the default mailboxes OST. We have seen sync issues when this files contains over 500 folders for Additional Mailboxes and want to avoid this.
Instead we add mailboxes as Additional Accounts which use their own OST files. This has some other user experience benefits (and drawbacks) in Outlook but mainly seems to deliver more reliable syncing to Exchange Online.
If you have a moment to reply, my question is do you ever advise clients to use Additional Accounts instead of Additional Mailboxes and are you aware of the 500 folder issue?
Many thanks, Ryan.
The Real Person!
The Real Person!
I’m aware of the limit.
Adding the mailboxes as additional accounts requires that you know the password, which isn’t practical for shared mailboxes or when granting Person A access to Person B’s mailbox.
Hi Paul,
this is actually incorrect. When you add the second account, leave the password blank. Autodiscover will proceed and then the authentication box will appear. Change the authentication from the mailbox email address to the user trying to access it and use their password, it will give you access to the mailbox.
I almost always use additional accounts. It allows you to select how long you want to cache each mailbox as well.
Do you then have search problems with additional accounts in Outlook 2016 ProPlus though Joe?
Any comments on this Paul?
Paul got owned.
You do not get owned by getting one incorrect answer.
Thanks for continuous posting of your articles!