A customer asked about a situation in which they’re unable to remove mailboxes from users’ Outlook profiles. In this case they were shared mailboxes and appeared in the left pane of Outlook. Although this case was for shared mailboxes, the cause and solution apply equally to user mailboxes. This can occur for on-premises Exchange Server and cloud-hosted mailboxes in Exchange Online.

Removing an Auto-Mapped Mailbox from Outlook

In the Outlook account settings for the user, the shared mailbox does not appear as an additional mailbox.

Removing an Auto-Mapped Mailbox from Outlook

The reason that the shared mailbox appears in Outlook, but does not appear in the Outlook account settings, is that auto-mapping is enabled by default when a user is granted access to a shared mailbox or to another user’s mailbox. When auto-mapping is enabled, Outlook receives extra information in the Autodiscover response that tells it to open the additional mailbox.

The auto-mapping option can only be configured at the time the permissions are granted. If you want to remove auto-mapping for a user’s access to a shared mailbox, then you must remove their mailbox permissions and then re-add the permissions again. Also, this will need to be performed using PowerShell, because the Exchange Admin Center doesn’t expose the option to enable or disable auto-mapping when configuring mailbox permissions.

To remove and re-add a user’s mailbox permissions using PowerShell, we can use the following steps. First, for an on-premises mailbox open the Exchange Management Shell, or for a cloud mailbox connect to Exchange Online.

Using the example from the screenshot above, the user in question is Adam Wally, and the shared mailbox is named ShareOnPremMailbox. Use Get-MailboxPermission to check that the permissions have been granted as mailbox permissions.

[PS] C:\>Get-MailboxPermission -Identity SharedOnPremMailbox -User Adam.Wally | fl


RunspaceId      : 1af8b9f0-d64e-4cb8-b8e1-e905c6923ed5
AccessRights    : {FullAccess}
Deny            : False
InheritanceType : All
User            : ESPNET\adam.wally
Identity        : exchangeserverpro.net/Company/Head Office/Shared/SharedOnPremMailbox
IsInherited     : False
IsValid         : True
ObjectState     : Unchanged

Next, use Remove-MailboxPermission to remove the mailbox permission for the user.

[PS] C:\>Remove-MailboxPermission -Identity SharedOnPremMailbox -User Adam.Wally -AccessRights FullAccess

Confirm
Are you sure you want to perform this action?
Removing mailbox permission "SharedOnPremMailbox" for user "Adam.Wally" with access rights "'FullAccess'".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y

Finally, re-add the mailbox permission by running Add-MailboxPermission, this time using the -AutoMapping parameter to disable auto-mapping.

[PS] C:\>Add-MailboxPermission -Identity SharedOnPremMailbox -User Adam.Wally -AccessRights FullAccess -AutoMapping:$false

The change will not immediately be obvious to the end user, because there is a delay before their Outlook client picks up the change via Autodiscover. When Outlook receives the updated Autodiscover response, it will remove the auto-mapped mailbox from the user’s Outlook profile. If the user needs to access the mailbox for anything, they must add it to their profile, or open it via the Outlook File menu.

As a side note, there’s nothing in the Get-MailboxPermission output that will tell you whether a user who has access to a mailbox will be auto-mapped. However, for on-premises mailboxes you can query the Active Directory user object properties to determine who will be auto-mapped to a mailbox. The property that stores this information is named msExchDelegateListLink, and it can be queried using Get-ADUser. For example, to view the list of auto-mapped users for a mailbox named Payroll, we can run the following command.

[PS] C:\>Get-ADUser -Filter {Name -eq "payroll"} -Properties msExchDelegateListLink | Select -ExpandProperty msExchDelegateListLink

CN=Bruce.Thillainayagam,OU=Users,OU=Head Office,OU=Company,DC=exchangeserverpro,DC=net
CN=Alex.Heyne,OU=Users,OU=Branch Office,OU=Company,DC=exchangeserverpro,DC=net

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. tsmart87

    Thank you, just tried this, will see what happens later. Asked the user to be just patient.

  2. sebus

    Still cannot get rid of ghost mailboxes (that were auto mapped) from a user Outlook, these mailboxes no longer exists, so cannot add/remove anything

  3. Koji Kabuto

    Does anybody know what the equivalent is for the attribute msExchDelegateListBL in AzureAD?

    There must be something in AzureAD to trigger auto-mapping but I can’t find it.

  4. Jamie

    I still have the same issue with Exchange 2010, a deleted mailbox is stall appearing on a users Outlook profile. I am assuming it was added using the automap feature.
    The question is with no AD/Exchange account to ADSIedit check/remove the links and no links in the user’s AD account attributes how do I delete the ghost mailbox on the side of the user profile?

  5. Neil McKirdy-Deadman

    Didn’t need to remove them, just running the Add-MailboxPermission with -AutoMapping:$false was enough to remove them from Outlook after some waiting.

  6. Korbyn

    I am still shocked after all these many years, 10+ now, that there simply isn’t a reg key for the Outlook client to stop the automapping from it’s side.

    I had to assign a single owner to all Shared Mailboxes for a exchange migration, the poor bastard now has over 300 additional mailboxes in his profile and crashing his outlook…

  7. mike

    owned for sure. incorrect means owned

  8. Chandan Kumar

    Adding mailbox permission with Automapping as false worked for me.

  9. UNALONUR

    Hello I use onprimes Exchange 2016 and Office365 hybird .

    shared mailbox – Exchange2016 on primes,
    User Mail : Office365

    ı want to shared mailboxes not add auto map, ı was run the bellow script

    Add-MailboxPermission -Identity “11111” -User “asd” -AccessRights FullAccess -InheritanceType all –AutoMapping $False

    But again add sharedmailbox auto user outlook client .

  10. Russell Mangel

    Incredibly stupid and unnecessary Feature (Bug). The Outlook Dev Team completely destroy Exchange Server. Gawd this is stupid. Auto-Mapping a mailbox to a profile because I have delegated full access.

    Imagine an admin that has 300 mailbox delegations to archive mailboxes, Yup, now you get 300 additional mailboxes in your profile, worse after you remove the Full access permission. The auto mapped mailbox remains.

    Gawd I despise the Outlook Dev Team.

    1. Armin

      I love the automap feature.
      But also I can’t see a reason for an admin that you actively use to have access to 300 Mailboxes.
      The problem here is not the automap, it is your strange permissions…

      1. James

        If it “automaps” when you grant permission, it should “auto un-map” when you remove the permission.

        This is not a difficult topic to understand at all. It doesn’t matter if it is 3 mailboxes or 300, the automap behavior is useful, but poorly implemented.

        1. Avatar photo
          Tony Redmond

          I think it’s functionality of its time. When Outlook introduced automapping (2007 maybe?), it was to fix a problem. Most of the time people want access to a mailbox and don’t worry so much about removing permissions. So it is what it is. Not great but useful.

          1. Kyle Beestrum

            No, it is not useful, especially in an enterprise organiztion.

            When you also add the permission to “SendAs” and you are in a hybrid configuration, it essentially breaks the process.

            The choice to allow auto-mapping is fine. The inability to have that choice outside of powershell is an absolute nightmare for any enterprise environment,

          2. Avatar photo
            Tony Redmond

            Feel free to express your feelings to Microsoft. Commenting here is fine, but they won’t do anything to improve matters if they don’t understand the reasons why the current implementation causes problems for end users.

  11. Daniel

    What if the mailboxes no longer exist and are gone from the soft delete ie no bringing them back? You can’t map something that doesn’t exist then you can’t unmap it either. There has got to be a local cache you can delete- because they don’t show in OWA, so we know the server isn’t holding onto the inboxes.

    Thank you,

    1. Tex

      Ever find a solution to this?? I have several users with old non-existent mailboxes in Outlook I cant get rid of … recreated profiles, set them up on different PC’s, these zombie mailboxes are still there!

      1. Luke

        I have a similar issue, but my user(s) have Outlook showing mailboxes that are still active (a mix of users and shared), but they have no permission set. I used PS to check for each user, and that suggested no access to them.

        This article suggests using AD; “the property that stores this information is named msExchDelegateListLink, and it can be queried using Get-ADUser”

        For me, the users had nothing set here either.

        I found another article with a similar issue, and have tried that. This is to use powershell to grant access back to the mailboxes (I assume you may have to recreate the zombie ones temporarily with the same aliases as before), wait a short time and then use powershell to remove the permissions. I’m waiting for the user(s) to confirm these mailboxes have now dropped out of Outlook… I will update once they confirm

  12. Chris

    I too have this issue Office 365 and CtoR Outlook 2016.

    Numerous users where the full access permissions have been removed but the mailbox name lingers as an object in Outlook which when clicked pop an error message (as expected) I am trying to see whether adding back with Full Access, with automapping disabled and then a day later removing the permission again will be effective. Unless anybody knows of a better way.

    1. Pankaj Tiwari

      Remove auto mapping
      —————————
      1. Firstly run the below command in power shell:
      Add-MailboxPermission -Identity -User -AccessRights FullAccess -AutoMapping:$false

      Note:
      In this command, represents the mailbox to which the user is granted permissions, and is the mailbox of the user from whom you want to remove full access permissions.

      2. Then run the below command:
      Remove-MailboxPermission -Identity -User -AccessRights FullAccess -InheritanceType All

      3. Check after 1 hour in your outlook if mailboxes appear then close outlook and restart again.

      Try these steps i think it will work.
      —————————————–

  13. Steve

    thanks a lot for this, i added a mailbox once and removed it later and its still in my outlook
    the mailbox is being used by someone else now

    my question is can i just disable automapping for me only? without adding it again and without effecting the current user?

    thanks

  14. George

    Any way to fix this if the delegates have been deleted for an extended amount of time..
    I don’t see the permissions on the mailbox but the user outlook is still showing the additional no longer existing mailboxes. You would have thought that housekeeping would automatically handle this..

  15. Chuck

    We have an old Exchange Manager who moved into another branch of management and has rights (auto-map turned on) to over 280 accounts. Is there a powershell script to remove auto-map from all accounts except your own? I am guessing something that would keep NT\Authority and NT\Self but remove all others.

    1. Chuck

      NOTE: We are still on Exchange 2010 SP3 CU22

  16. Ken Peterson

    I have a rather odd issue where I have a user who had access to a number of mailboxes before moving to the cloud. Similar to your description, these do not show up under additional mailboxes. However, he has since transitioned to Office 365 and had his permissions for the mailboxes removed, yet the mailboxes remained in his Outlook.

    I have verified there are no users listed in the mailboxes msExchDelegateListLink attribute in AD. I manually ran a Sync through the Synchronization Service Manager and restarted Outlook but the mailboxes are still showing up. Any thoughts?

  17. David Liddle

    I discovered that several of our mailboxes have an “orphaned” full access entry for the domain administrator in addition to that account’s inherited full access permissions. I would like to remove this rogue entry, but the process I have read about so far will not succeed so long as the administrator account has inherited permissions. What might a person cleverer than I recommend?

    1. WP

      What method have you read?

  18. Michael

    I have removed delegation from several mailboxes for a user. The mailboxes are lingering. Any advice?

  19. Scott Warren

    This worked very nicely for me thanks. Once I set auto-mapping to false within a few minutes I restarted Outlook and those pesky mailboxes were gone. If you need to remove access once the mailboxes are removed then revoke the access after they are gone.

  20. Jack Maiher

    Often, we’re finding that AFTER removing access to a mailbox, the mailbox is still staying automapped on a client Outlook.

    We want to remove this mailbox from the client’s Outlook when they no longer need access to it.

    The command that is repeatedly touted is to GIVE “Full Access”, but turn off automapping.

    But, at least in our situation, we don’t want any access granted to the other mailbox anymore.

    So is the missing step to go ahead & remove the access once sync has taken place?

    Or is there a different command to remove the access and the automapping?

    We have a lot of users that have these lingering mailboxes added to their Outlook that need to go away – and they currently show as NOT having any access granted to them…
    *For what its worth – we’re in a hybrid 2010 / EXO environment. And this doesn’t always occur. Plenty of times we provided Full Access to a user for a period of time, and then remove the access, and the automapped mailbox goes away as it should.

    1. Evan Mann

      This is the way I do it (go back and remove full access) and the only way I’ve seen to handle it. If I don’t feel like waiting for autodiscover to pickup the automapping change, I will make the user close/re-open Outlook. Within a minute or two of that, the mailbox will be removed since the autodiscover check occurs right away.

      1. Nick

        Hey Evan,

        That doesnt work. I have a user with an ex-employee’s mailbox on her Outlook, has not had Full access for about a year now, and I have even uninstalled and reinstalled Outlook and its still there.

  21. Stacy Lopez

    Just wanted to check in and see if there has been any updates to removing automapping? I currently have access to over 70 work mailboxes which I only need to access on occassion and couple of those on a daily basis. On my MAC at work I have been able to load only the accounts I use most often and the Office 365 to log in to the other accounts. However, when I was adding my Outlook account to my personal laptop it automapped 70+ mailboxes which freezes up Outlook and makes it a nonfunctioning program that I cannot use, change or delete. I do not have the capacity to remove permissions and then re-add them individually. Any other suggestions to remove the automapping function. Is there a reason this works differently on a Mac versus laptop running Windows 10?

    1. Avatar photo
      Paul Cunningham

      Outlook on Mac doesn’t handle auto-mapping the same way as Outlook on Windows.

      There’s been no changes to auto-mapping behaviour. If you don’t want the mailboxes auto-mapped, the procedure to remove and readd the permissions is still the way to do it.

  22. Juan Celaya

    It works ok.
    Thanks a lot for your contribution!!!

  23. Ryan W

    Hi Paul, I always advise admins against automapping as it adds an Additional Mailbox in Outlook which then gets cached in the default mailboxes OST. We have seen sync issues when this files contains over 500 folders for Additional Mailboxes and want to avoid this.

    Instead we add mailboxes as Additional Accounts which use their own OST files. This has some other user experience benefits (and drawbacks) in Outlook but mainly seems to deliver more reliable syncing to Exchange Online.

    If you have a moment to reply, my question is do you ever advise clients to use Additional Accounts instead of Additional Mailboxes and are you aware of the 500 folder issue?

    Many thanks, Ryan.

    1. Avatar photo
      Paul Cunningham

      I’m aware of the limit.

      Adding the mailboxes as additional accounts requires that you know the password, which isn’t practical for shared mailboxes or when granting Person A access to Person B’s mailbox.

      1. Joe F.

        Hi Paul,

        this is actually incorrect. When you add the second account, leave the password blank. Autodiscover will proceed and then the authentication box will appear. Change the authentication from the mailbox email address to the user trying to access it and use their password, it will give you access to the mailbox.

        I almost always use additional accounts. It allows you to select how long you want to cache each mailbox as well.

        1. Ryan W

          Do you then have search problems with additional accounts in Outlook 2016 ProPlus though Joe?

        2. ManfredS

          Any comments on this Paul?

          1. trasdf

            Paul got owned.

          2. Steve

            You do not get owned by getting one incorrect answer.

  24. Toni

    Thanks for continuous posting of your articles!

Leave a Reply