Delegate is unable to see private items if permissions are granted to distribution group or security group

Source: Microsoft Support

RAPID PUBLISHING

RAPID PUBLISHING ARTICLES PROVIDE INFORMATION IN RESPONSE TO EMERGING OR UNIQUE TOPICS, AND MAY BE UPDATED AS NEW INFORMATION BECOMES AVAILABLE.

ENVIRONMENT:
Windows 2003 Service Pack 1

ROLES:

• Exchange Version: 2003
• Exchange SP: 1

When userA gives full mailbox access permissions to userB (for all his items and check "delegates can see my private items"), userB can see userA's private items without any problem.

But, If the user B is the member of a security group we cannot add that security group to the "delegates can see my private items" option in outlook.

It is possible to add a distribution group instead of security group to the "delegates can see my private items" option in outlook but even this will not allow the members of the distribution group to see the private messages.

This behaviour is by design.

http://support.microsoft.com/?id=275921

To enable delegates to see messages marked as Private, follow these steps: Follow below steps if you want to add a single user to the "delegates can see my private items" option in outlook.

1. Create an Outlook profile and log on to the Resource1 mailbox.
2. On the Tools menu, click Options, and then click the Delegates tab.
3. Click Permissions and assign Reviewer permissions (or higher) to the Inbox.
4. Click to select the Delegate can see my private items check box.

As this behaviour is by design follow the below work around if you don't want to add single user to the "delegates can see my private items" option but rather you want to achieve the same task by a security group.

The workaround to this would be:

1. Create a Universal Security Group in AD Users and Computers (not a Distribution Group).
2. Add users who should have access to the Public Folder.
3. Create a mail-enabled Public Folder in Exchange System Manager.
4. Go into the properties of the Public Folder in Exchange System Manager and select the "Permissions" tab.
5. Set Default and Anonymous users to the "Contributor" role (this way anyone can send email to the Public Folder)
6. Add the Universal Security Group that was created in step 1 above and set the permissions appropriately (you could set the group as Owner, but if they don't ever need to modify or delete anything you may want to use a role that just has "Read" permissions).
   
   At this point you'll have the new Public Folder with its own email address and the correct users will have permissions to access it. To make the change seamless to people sending email into the resource mailboxes, you can configure the existing Resource Mailboxes to forward all incoming mail to their new Public Folders. Use these steps to do this:
7. Go into the properties of the resource mailbox in Exchange System Manager.
8. Select the Exchange General tab
9. Click "Delivery Options"
10. In the "Forwarding Address" section, select "Forward To:" and click "Modify" to select the Public Folder to which you want the email forwarded. It will redirect all incoming mail to this Public Folder unless you check the box labeled "Deliver messages to both forwarding address and mailbox"
11. You can then open the resource mailbox as a user who has write permissions on the Public Folder and drag/drop all the old messages into the Public Folder.

MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS MAKE NO REPRESENTATIONS ABOUT THE SUITABILITY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE FOR ANY PURPOSE. THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN. MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED HEREIN AT ANY TIME.

For more information on the terms of use, click on the link below:
http://support.microsoft.com/tou/