Jaa


Creating an Outlook Profile for an Alternate User

Imagine you have full-access rights to a mailbox, and you want to create a profile for that user.  While you could simply open "Other User's Folder", or add that user's mailbox to your own profile, there may be any number of reasons to create a custom, dedicated profile for that user.

You may be tempted to manually create the profile -- do not do this.  In Exchange 2013 and 2016 there is little to no expectation you will be met with success.  We use the mailbox GUID as the "Server" and really rely on Autodiscover to handle this for you.  We'll get AutoD to hand us the other user's mailbox info, and we'll log on using our own credentials.

Create a new profile in Outlook, but change your answers in the autoconfiguration wizard so we're opening the other user's mailbox.  You want Outlook to send the Autodiscover request for the target user, but authenticate as your own account.  This way we get all the intended client access endpoints, and we're using our own credentials so there's no security issues.

[caption id="attachment_125" align="aligncenter" width="310"]Step 1 Step 1 - Create a New Profile[/caption]

Replace the auto-populated information with the target user's name and email address.  Ignore the password here, we don't (and probably shouldn't) know the target user's password.

[caption id="attachment_135" align="aligncenter" width="694"]Step 2 - Fill in the wizard Step 2 - Fill in the wizard[/caption]

When you click 'Next' here, Outlook will run its auto-configuration routine, and should automatically authenticate as your current desktop user.

[caption id="attachment_145" align="aligncenter" width="694"]Step 3 - Autoconfiguration Step 3 - Auto-configuration[/caption]

Clicking 'Finish' will open Outlook (unless you started this wizard from the Mail control panel), and it will attempt to log in.  If you get any authentication prompts, just use your existing credentials.  Remember, this process is for creating a profile when you already have full access to the target mailbox.

[caption id="attachment_155" align="aligncenter" width="439"]Step 4 - Auth as yourself Step 4 - Auth as yourself[/caption]

You should have a clean profile connected only to the target mailbox.  Success!

[caption id="attachment_165" align="aligncenter" width="497"]Step 5 - Profit! Step 5 - Profit![/caption]

 

Jason Slaughter

Comments

  • Anonymous
    December 21, 2016
    The comment has been removed
    • Anonymous
      December 21, 2016
      Yours is an interesting perspective, but I have to disagree. Autodiscover has been around since 2007 and was created because we received so many support calls from users who had problems creating Exchange profiles. In general using Autodiscover lowers the administrative overhead versus manual configuration, and is more robust. Changes on the back-end are reflected pretty quickly, with no interaction required. Considering Outlook 2016 doesn't even support Exchange 2007, you should be using Autodiscover if you're running Outlook 2016 and Exchange.Note that we made this information about Outlook 2016 available in late 2015, over a year ago. We expect that IT admins will be testing new versions of software (from any vendor) before rolling it out across the board, and we have support available to advise on any questions or issues that may arise during that evaluation phase.If you need more information on deploying Outlook 2016 in your org, please check out the Outlook 2016 Deployment Guide for Admins. It has system requirements (including the Autodiscover requirement) and other information I hope you find useful. It also includes information on the Office Customization Tool (OCT) which allows admins to configure profiles how they want including multiple accounts, cached versus online mode, and more.It's been roughly 10 years since Autodiscover's introduction and manual profile creation shouldn't be required. I personally can't imagine a scenario where you'd still want to admin profiles through the manual profile creation dialogs, but if you have a scenario where Autodiscover doesn't seem to fit how your running your organization, please let me know and I may be able to assist.
      • Anonymous
        February 08, 2017
        How About in Hybrid environments, where we have a user in Exchange online, but wants a separate profile configured to access a mailbox which has a requirement to be in On-Premise Exchange? We need to manage the rules and recover deleted items from that on premise mailbox frequently but cannot do this easily. Also It is very handy to configure multiple profiles for troubleshooting purposes, I don't want to have 20+ mailboxes in one profile,, and opening different profiles is often the only way to troubleshoot certain issues with a mailbox.
        • Anonymous
          February 08, 2017
          I'm not sure how using AutoDiscover hinders you from creating multiple profiles with both cloud and on-prem accounts. I'm using Outlook 2016 myself, and have multiple cloud and on-premise accounts on various Exchange versions in my profile list. If AutoDiscover is configured properly, having multiple profiles is not a problem.Can you walk me through the process and where it's breaking down for you? When you want to create a profile for a different mailbox in Outlook 2016, you should only need to click the "Connect to a different account" option to get into the same workflow as outlined here in the blog.Screenshot: Outlook 2016 new profile startup dialogEdited: I apparently cannot post images in comments.
  • Anonymous
    July 15, 2017
    we have a single user logon to a computer with multiple e-mail profiles associated. We set the profiles to prompt for the password and that works correctly except for the fact that if someone hits the cancel button at this point, the outlook profile still opens up and the e-mails can be read. we are using cached mode because that is a requirement from headquarters. Is there a way to make sure that the authentication works and will not all access to the mailboxes when not provided? I know this is a year old, but so far, I have not found anyone even reporting this as an issue.
    • Anonymous
      July 31, 2017
      I'm not sure I completely understand the scenario. When you say 'single user', do you mean a single individual who accesses multiple accounts, or do you mean you have a single account logged into the machine, and you have multiple individuals using the machine and you're separating emails via this force password option?In either scenario this would be by design. If you're in cached mode those files are protected via the user account itself. Outlook and most other applications on a Windows machine use the logged in account as the account boundary. The MAPI profiles are stored in the user partition of the registry. IE favorites and most other application config is stored in the same place or in the %APPDATA% under the user folder off of C:\Users. Even if you used OWA, IE is expecting the same user every time. The cookie will pop users back into the last mailbox logged into if they don't log out properly.In Outlook, if you cancel the prompt, it's not going to let you send or receive mail since that prompt is for connecting to the Exchange server. It is not for access to the OST however. Once you log into the machine with a single user you've effectively broken most reasonable ways of separating user data (namely NTFS).If it's not possible to use Windows user profiles for some reason, then cached mode is not going to work for you. Either switch to online mode for this machine, or use OWA and enforce shorter idle timeouts etc there.Note that I'm an Exchange guy, so perhaps there's some other option available, but I'd recommend calling into support for Outlook to discuss at length.