Mike F Robbins

Open Exchange Management Shell and execute the New-Mailbox cmdlet using the following example as a template:

New-Mailbox -Alias "MySharedMailbox" -Name "My Shared Mailbox" -Database "MAIL1\First Storage Group\Mailbox Database" -OrganizationalUnit "mikefrobbins.demo/My OU/Users/Mailbox" -Shared -UserPrincipalName "mysharedmailbox@mikefrobbins.demo"

The following cmdlet assigns full access for the mailbox to a group in Active Directory named “My Shared Mailbox Admins” which needs to exist in AD prior to executing this command:

Get-Mailbox -Identity "My Shared Mailbox" | Add-MailboxPermission -User "My Shared Mailbox Admins" -AccessRights "FullAccess"

This cmdlet allows members of the “My Shared Mailbox Admins” group in Active Directory to be able to send email from the “mysharedmailbox@mikefrobbins.demo” email account:

Get-Mailbox -Identity "My Shared Mailbox" | Add-ADPermission -User "My Shared Mailbox Admins" -AccessRights: ReadProperty, WriteProperty -Properties "Personal Information" -ExtendedRights "Send-As"

Once these steps are completed, any AD user who is added to the “My Shared Mailbox Admins” group in AD will be able to open the “mysharedmailbox” and send email from this account.

µ

Problem:
When opening Microsoft Outlook you receive a Security Alert  ”Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site’s security certificate.”

Solution:
The self-signed certificate that was created during the Exchange 2007 installation expires after one year. Use Exchange Management Shell to validate this is the problem you’re experiencing by running the “Get-ExchangeCertificate | List” cmdlet. NotAfter shows the certificate expiration date, Services shows the mail services that are being used by a particular certificate, and Thumbprint will be used to resolve this problem if your certificate is indeed expired.

Use the Exchange Management Shell to renew your default self-signed certificate to resolve this problem if it is expired. Note, this procedure cannot be used to renew a certificate purchased from a trusted certificate authority. First, obtain the thumbprint of the current default certificate by running the “Get-ExchangeCertificate | List” cmdlet. Next, clone the current certificate by running “Get-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx | New-ExchangeCertificate”. Remove the expired certificate with the “Remove-ExchangeCertificate -Thumbprint xxOLDTHUMBPRINTxx” cmdlet. The new cloned certificate will be good for one year.

Solution #2:
You also have the option of creating a new self-signed certificate. Verify your certificate is expired and obtain its Thumbprint by using that portion of the above procedure. Create a new self-signed certificate by using the “New-ExchangeCertificate” cmdlet. You’ll be prompted to replace the default certificate, choose yes. Associate the new certificate with IIS with the “Enable-ExchangeCertificate -Thumbprint xxNEWTHUNBPRINTxx -Service IIS” cmdlet unless you have purchased a certificate from a trusted certificate authority and it is associated with IIS. Remove the expired certificate. This option is less desirable than renewing the current certificate since any modifications made to the Exchange website SSL settings could be affected since SSL is removed, re-added, and reset as “Require 128-bit encryption”.

For more information:
http://technet.microsoft.com/en-us/library/bb851505.aspx

µ