On a recent project I had to consider how to implement meeting rooms in Exchange 2007 SP1. I read all of the available TechNet articles and posts and then I realized that it was not necessarily easy to set up meeting rooms with correct policies on the first try. So, I made a synthesis on how to quickly create the meeting room of your dreams, in hopes that this can help you.
Resource Mailbox Overview
Resource mailboxes are specific types of mailboxes that can represent meeting rooms or shared equipment and can be included as resources in meeting requests. The Active Directory user that is associated with a resource mailbox is a disabled account. The different types of resource mailboxes in Microsoft Exchange Server 2007 are:
- Room mailbox: a resource mailbox that is assigned to a meeting location, such as a conference room, auditorium, or training room. Room mailboxes can be included as resources in meeting requests.
- Equipment mailbox: a resource mailbox that is assigned to a non-location specific resource, such as a portable computer projector, microphone, or a company car. Equipment mailboxes can be included as resources in meeting requests.
- Shared mailbox: a mailbox that is not primarily associated with a single user and is generally configured to allow logon access for multiple users. After a shared mailbox is created (by using the Exchange Management Shell), you must grant permissions to all users that require access to the shared mailbox. Even if this is not a resource mailbox, I mention it here because companies commonly use that kind of mailbox for collaboration or business needs.
Example 1: How to create a resource mailbox
Create a Room mailbox:
New-Mailbox -database "Storage Group 1\Mailbox Database 1" -Name ConfRoom1 -OrganizationalUnit "Conference Rooms" -DisplayName "ConfRoom1" -UserPrincipalName ConfRoom1@contoso.com -Room
Create an Equipment mailbox:
New-Mailbox -database "First Storage Group\Mailbox Database" -Name VCR1 -OrganizationalUnit Equipment -DisplayName "VCR1" - UserPrincipalName VCR1@contoso.com -Equipment
Create a Shared mailbox:
New-Mailbox -database "Storage Group 1\Mailbox Database 1" -Name SharedMailbox01 -OrganizationalUnit "Resource Mailboxes" -DisplayName "SharedMailbox01" -UserPrincipalName SharedMailbox01@contoso.com -Shared
Resource Mailbox Properties
You can configure resource mailbox properties for resource mailboxes. For example, you can use the ResourceCapacity, Office, and ResourceCustom parameters with the Set-Mailbox cmdlet to configure some of these settings.
Custom resource properties can help users select the most appropriate room or equipment by providing additional information about the resource. For example, you can create a custom property for room mailboxes called AV. You can add this property to all rooms that have audio-visual equipment. This allows users to identify which conference rooms have audio-visual equipment available. A custom resource cannot contain a value; it's only a flag that can be added to a resource mailbox, flags are defined globally for the Exchange organization.
Before you can assign custom resource properties to a room or equipment mailbox, you must first create these properties by modifying the resource configuration of your Exchange organization. Custom resource can be added with the Set-ResourceConfig cmdlet.
- All entries provided to the Set-ResourceConfig cmd-let must start with either Room/ or Equipment/. Setting a new entry using the Set-ResourceConfig cmdlet will overwrite all existing entries, and not add a new entry to the list. Use the Get-ResourceConfig cmdlet to query the existing entries, and then append to the list.
- For every custom resource property you create in your organization, you must specify to which resource mailbox type it applies (room or equipment). When you are managing a resource mailbox, you can assign only those custom resource properties that apply to that specific resource mailbox type. For example, if you are configuring a room mailbox, you can assign only the custom resource properties that apply to room mailboxes.
- In Microsoft Exchange Server 2003 and earlier versions, LDAP filtering syntax is used to create custom address lists, global address lists (GALs), e-mail address policies, and distribution groups. In Exchange Server 2007, the new OPATH filtering syntax replaces the LDAP filtering syntax. For example a new address lists can only be based on properties filterable by the -RecipientFilter parameter (complete list: http://technet.microsoft.com/en-us/library/bb738157.aspx ). Other properties, including any customer schema extensions, cannot be used in the -RecipientFilter parameter. So LDAP attributes defined to search for rooms or create Address Book views must be included in OPATH properties to allow for a wide use within Exchange 2007.
Example 2: Create Custom Properties for Resource Mailbox
Set-ResourceConfig -ResourcePropertySchema ("Room/TV", "Room/VCR", "Equipment/Auto")
Example 3 : Configure Resource Mailbox Properties
Set-Mailbox -Identity "ResourceMailbox01" -ResourceCustom ("TV","VCR") -ResourceCapacity 50
Room Mailbox Settings
Before explaining how to create the different types of room mailbox, we must focus on the settings that can be done with Set-MalboxCalendarSettings. With this cmdlet you can configure many parameters on the resource mailbox (maximum meeting duration allowed, default reminder time, etc...). A complete list with description is available at http://technet.microsoft.com/en-us/library/aa996340.aspx.
The main parameter that interests us is AutomateProcessing which allows enabling or disabling calendar management on the resource mailbox. The three possible values are:
- None Both resource booking and Calendar Attendant will be disabled on the mailbox. (Meeting requests will not be processed and stacked in the inbox of room mailbox).
- AutoUpdate This is the default value. The Calendar Attendant will process meeting requests which will sit in the calendar of the room in a "tentative state" waiting a delegate approval. (The meeting organizer will receive only the decision of the delegate)
- AutoAccept Resource booking will be enabled on the room mailbox. This means that the room will take into account the policies for the incoming requests (who can schedule.). (With automatic booking configuration, the organizer will receive the decision of the room. Otherwise organizer will first receive a message of recognition pending delegate approval).
- Calendar Attendant automatically places new meetings on the calendar as tentative appointments, updates existing meetings with new information, and deletes out-of-date meeting requests without any client interaction. The Calendar Attendant also processes meeting forward notifications by sending a notification when a meeting request is forwarded and adding meeting attendees to the calendar when a meeting notification is received.
- Resource Booking Attendant automates acceptance and declination of resource booking requests. Policies can be set up for each resource based upon by whom, when, and for how long a resource can be booked.
The AutoAccept value enables the resource booking policies to manage who can book the room and under what conditions. For each room mailbox, each user can be member of different policies:
- BookInPolicy: List of users who are allowed to submit in-policy meeting requests. In-policy requests from these users will automatically be approved;
- RequestInPolicy: List of users who are allowed to submit in-policy meeting requests. In-policy requests from these users will be subject to approval by a delegate;
- RequestOutOfPolicy: List of users who are allowed to submit out-of-policy meeting requests. Out-of-policy requests from these users will be subject to approval by a delegate;
In the context of resource mailboxes, InPolicy and OutOfPolicy simply mean whether or not the meeting invitation matches any restrictions enabled on the resource mailbox. There are also policies to specify permissions for all users (AllBookInPolicy, AllRequestInPolicy, AllRequestOutOfPolicy).
For example MaximumDurationInMinutes value for the resource mailbox is 30 minutes, any meeting invitation longer than 30 minutes would be OutOfPolicy. Using the RequestOutOfPolicy field, you can manually add users that are allowed to request meetings that are not within the policy.
Figure 1 : Booking Policy - Who can schedule a resource for an Auto-Accept resource mailbox
Room Mailbox Main Scenarios
Now that we know how to create a meeting room with ideas a little clearer on strategies, let's look at main scenarios of room mailbox that we can implement:
- Room with automatic booking;
- Room with meeting requests forwarded to a delegate;
- Room requiring the logon of a delegate to manage the meeting requests.
Room with automatic booking
To set automatic booking , set AutomateProcessing to AutoAccept to enable resource booking policies. With the default configuration of room policies, all users will then be allowed to send in-policy meeting requests. These requests will be processed automatically by the room.
Example 4: How to enable automatic booking on a Resource Mailbox
Set-MailboxCalendarSettings -Identity "Conference Room" -AutomateProcessing AutoAccept
Room with meeting requests forwarded to a delegate
To set the room forwarding the incoming meeting requests to a delegate for approval, you must enable and configure policies, and define a delegate:
- Enable policies: set AutomateProcessing to AutoAccept;
- All incoming meeting request must be approved by a delegate: set AllRequestInPolicy to True and AllBookInPolicy to False ;
- Define a delegate under ResourceDelegates parameter. A Resource delegate will have the following permission:
- Editor on the Calendar folder of the resource mailbox;
- Editor on the "FreeBusy Data" system folder of the resource mailbox;
- Ability of "Send on behalf" of resource mailbox.
- Editor on the Calendar folder of the resource mailbox;
Example 5: How to set a Room to forward request to a delegate
Set-MailboxCalendarSettings -Identity "Training Room" -AutomateProcessing AutoAccept -ResourceDelegates "Isabelle Dupont" -AllBookInPolicy:$false -AllRequestInPolicy:$true
The delegate can now manage meeting requests forwarded by the room mailboxes from his own mailbox by accepting or rejecting them.
He can also access to the calendar folder of the room mailbox (by the "Open other user's folder" feature of Outlook client). It should be noted that the responses received by the organizers will be from the delegate on behalf of the room mailbox.
Note: When the Set-MailboxCalendarSettings cmdlet is re-run to modify any settings the original delegate's permissions are removed. The delegate is still displayed when running the 'Get-MailboxCalendarSettings' cmdlet however if you look at the permissions on the resource calendar, the delegate's permissions have been removed. To re-grant permissions on the resource calendar you must run a "Set-MailboxCalendarSettings resource_alias -ResourceDelegates:$null" command. Afterwards you can re-grant permissions to the intended user. Until this problem is fixed, we would recommend running this command before making any changes to resource delegates.
Room whose management is done directly by the delegate
It's the default of a newly created room with the AutomateProcessing parameter set to AutoUpdate.
The Calendar Attendant will process meeting requests which will sit in the calendar of the room in a "tentative state" waiting a delegate approval. The delegate needs permissions to connect to the resource mailbox and manage the meeting requests: "Full Mailbox Access" to access the resource mailbox and for example "Send-As" to respond to requests in a transparent manner.
Example 6: The delegate manage the request from the resource mailbox
Set-MailboxCalendarSettings -Identity "Conference Room" -AutomateProcessing AutoUpdate
Add-MailboxPermission -AccessRights FullAccess -Identity "Conference Room" -User "Isabelle Dupont"
Add-ADPermission -Identity "Conference Room" -User "Isabelle Dupont" -ExtendedRights Send-As
Note: "Send As" versus "Send on Behalf"
- Send As permission will allow a user to send as another user.
- Send on Behalf permission will allow a user to send on behalf of another user. This means that the recipient knows who really sent the message because it is clearly stated in the message.
Based on the previously detailed main scenarios the minimum parameters to set are the following:
Resource Calendar Settings
All Book In Policy
All Request In Policy
Request forwarded to delegates
List of Delegates
Delegates approve from room mailbox
Whatever the scenario, a delegate can modify the resource booking parameter (except the delegate's part) by accessing the resource mailbox with Outlook Web Access (https://firstname.lastname@example.org). To do this, the delegate needs the "Full Mailbox Access" permission to the resource mailbox.
Figure 2 : Resource Mailbox Settings with Outlook Web Access
For further reading and the most up-to-date information:
- Understanding Recipients: http://technet.microsoft.com/en-us/library/bb201680.aspx
- Managing Resource Mailboxes: http://technet.microsoft.com/en-us/library/bb124374.aspx
- How to Set Resource Booking Policies: http://technet.microsoft.com/en-us/library/bb124987.aspx
- Set-MailboxCalendarSettings: http://technet.microsoft.com/en-us/library/aa996340.aspx
- Resource scheduling in Exchange Server 2007: http://msexchangeteam.com/archive/2007/05/14/438944.aspx
- French version of this post : http://blogs.technet.com/frmcsuc/pages/exchange-2007-room-mailbox.aspx
-- Murat Gunyar