0

I need to make my resource reservation system (using Exchange 2010 calendars) available for external users. Edit: we have a resource that can be used by only one person at a time and we would like to allow our domain users to book this resource BUT we would like to allow people that hasn't any access to our domain to do the same thing.

The solution I'm thinking of is to create a mailbox which will be used by customers (they add the mailbox in a mail client) so that they can open the resource calendar and book it.

The problem I'm facing right now is that every domain account is part of the group Everyone which :

  • has read access to every server of the domain
  • can list the global address book
  • can do a lot of things that is OK for any domain user but not for this external user account.

Note :

  • I cannot use a shared mailbox because the people that should use this mailbox don't have any domain account
  • I cannot simply disable the user object and keep the mailbox because this removes the possibility to use the mailbox
  • If I remove the "domain user" group membership and add a new unused group the account stays in the Everyone group which has a lot of rights

How could one restrict a domain account access to everything except his mailbox and a resource calendar?

Philipili
  • 23
  • 1
  • 9
  • More background on your use case would be better. This is an XY Problem. What you’re asking to do is not the right way to accomplish whatever it is you are trying to accomplish. – Appleoddity Jun 12 '18 at 05:41
  • The thing is that I do not know how to get the result I want. I know that I should look at Federated Sharing or Domain Trust (https://serverfault.com/questions/122651/share-exchange-outlook-calendars-between-two-different-domains) but it should be possible to create a user that can't do anything and to allow him only serveral tasks. – Philipili Jun 12 '18 at 06:19

0 Answers0