AD group delegates need access to Private Items

By m8conn ·
I have a group of Admins that would like access to all Private items in all of the conference room calendars. These calendars are setup as user accounts. I have created a group in AD for the Admins and assigned the group as a delegate. The box is checked to allow delegates to view private items; however, the private items are still not viewable. Any ideas?

Using Outlook 2003 and Exchange 2003

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Delegates unable to see private messages.

Windows 2003 Service Pack 1

Exchange Version: 2003
Exchange SP: 1

Delegates unable to see private messages.

When userA gives full mailbox access permissions to userB (for all his items and check "delegates can see my private items"), userB can see userA's private items without any problem.

But, If the user B is the member of a security group we cannot add that security group to the "delegates can see my private items" option in outlook.

It is possible to add a distribution group instead of security group to the "delegates can see my private items" option in outlook but even this will not allow the members of the distribution group to see the private messages.

This behaviour is by design. (

To enable delegates to see messages marked as Private, follow these steps: Follow below steps if you want to add a single user to the "delegates can see my private items" option in outlook.
Create an Outlook profile and log on to the Resource1 mailbox.
On the Tools menu, click Options, and then click the Delegates tab.
Click Permissions and assign Reviewer permissions (or higher) to the Inbox.
Click to select the Delegate can see my private items check box.

As this behaviour is by design follow the below work around if you don't want to add single user to the "delegates can see my private items" option but rather you want to achieve the same task by a security group.

The workaround to this would be:
Create a Universal Security Group in AD Users and Computers (not a Distribution Group).
Add users who should have access to the Public Folder.
Create a mail-enabled Public Folder in Exchange System Manager.
Go into the properties of the Public Folder in Exchange System Manager and select the "Permissions" tab.
Set Default and Anonymous users to the "Contributor" role (this way anyone can send email to the Public Folder)
Add the Universal Security Group that was created in step 1 above and set the permissions appropriately (you could set the group as Owner, but if they don't ever need to modify or delete anything you may want to use a role that just has "Read" permissions).

At this point you'll have the new Public Folder with its own email address and the correct users will have permissions to access it. To make the change seamless to people sending email into the resource mailboxes, you can configure the existing Resource Mailboxes to forward all incoming mail to their new Public Folders. Use these steps to do this:
Go into the properties of the resource mailbox in Exchange System Manager.
Select the Exchange General tab
Click "Delivery Options"
In the "Forwarding Address" section, select "Forward To:" and click "Modify" to select the Public Folder to which you want the email forwarded. It will redirect all incoming mail to this Public Folder unless you check the box labeled "Deliver messages to both forwarding address and mailbox"
You can then open the resource mailbox as a user who has write permissions on the Public Folder and drag/drop all the old messages into the Public Folder.

For more information on the terms of use, click on the link below: (

Microsoft Exchange Server 2003 Enterprise Edition
Microsoft Exchange Server 2003 Standard Edition

Please post back if you have any more problems or questions.

Collapse -

Check the AD properties for

by IC-IT In reply to AD group delegates need a ...

the conference room "user" accounts. Insure that Self is one of the security members and that permissions on the Self are ok. Sometimes there can be a hiccup and if that account doesn't have Self with delegate, it will act as if the delegation is being granted but will not actually happen.

Related Discussions

Related Forums