I was recently asked to define the difference between a mail-enabled user and a mailbox user within an Exchange organization. While explaining the differences between the two, it dawned on me that sysadmins and users are still confused on this topic. Knowing when to set up an Exchange mailbox, and which recipient type suits which user, can be confusing.

Then throw in Exchange contacts and the party gets more fun! What seems simple to understand can be grey for those who are not deep in the trenches of everyday Exchange admin life. The difference between the two can be confusing, so I decided to break it down in somewhat English terms. In this post I will describe the difference between the two and the use cases for each.

Set up an Exchange mailbox: which kind?

A mail-enabled user is an Active Directory account that does not have an Exchange mailbox but is enabled for mail using an external email address. A mail-enabled user cannot send or store email on Exchange; when email is sent to a mail-enabled user, it is sent off to their external address. Using this type of mail recipient lets other users locate them easily in the Global Address List. Mail-enabled users are similar to mail contacts, but the difference is that they are associated with an Active Directory account, whereas mail contacts are not. Mail-enabled accounts can log in to network resources and can be assigned security permissions just like any other user account in Active Directory. Their limitation is that they do not have mailboxes to send and store messages within your Exchange organization.

A mailbox user within an Exchange organization has an Active Directory account and a mailbox. The email address associated with the mailbox belongs to the Exchange organization, and there is no external email address. All email sent to an Exchange mailbox is stored in the Exchange databases within the organization. A license is required for all Exchange user mailboxes, which is different from the mail-enabled user.

When do you use one over the other?

Mail enabled user:

A use case for mail-enabled users would be consultants who only need security permissions. Most of the time, consultants working for your company really only need access to network resources and already have their own email accounts from their company. In this scenario you can create an Active Directory account and then mail-enable the user with their external email address. The consultant would then be able to log in to network resources, be assigned to security groups, and be visible in the Global Address List. An advantage of using mail-enabled accounts in this case is that you do not have to store any email for the consultant's account, because no mailbox is stored in your Exchange databases. Email sent to the account is delivered to the respective company's mail servers.

Mailbox user:

Use cases for mailboxes would be anyone who needs access to network resources and also needs to receive, save and send email. In almost all situations a mailbox is the better method, but as mentioned above there are certain situations where the mail-enabled user is the better solution. Also keep in mind that if you are storing the emails they will also be discoverable, whereas for mail-enabled users those emails are not discoverable because you are not retaining any of them.

Both types of accounts can be created using PowerShell. The Enable-MailUser cmdlet is only available for on-premises deployments of Exchange Server.

This example mail-enables existing user Robert Bee with the external email address [email protected]. Note that there is no primary SMTP address parameter given in the cmdlet because by default the primary SMTP address is the external email address.

Enable-MailUser -Identity "Robert Bee" -ExternalEmailAddress [email protected]
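
Because mail addressed to a mail-enabled user leaves the organization and is not retained, it helps to know which accounts are set up this way and where their mail goes. The following read-only inventory is an added example, not part of the original post; it assumes the on-premises Exchange Management Shell, and the CSV file name is a hypothetical choice.

```powershell
# Added example: read-only inventory of recipient types.
# Assumes an on-premises Exchange Management Shell session.

# 1. Count recipients of each kind: mailbox users, mail-enabled users, mail contacts.
Get-Recipient -ResultSize Unlimited -RecipientTypeDetails UserMailbox, MailUser, MailContact |
    Group-Object RecipientTypeDetails |
    Select-Object Name, Count

# 2. List every mail-enabled user with the external address its mail is delivered to.
$report = foreach ($mu in (Get-MailUser -ResultSize Unlimited)) {
    # ExternalEmailAddress renders as "SMTP:user@domain"; strip the prefix.
    $external = "$($mu.ExternalEmailAddress)" -replace '^smtp:', ''

    [pscustomobject]@{
        DisplayName     = $mu.DisplayName
        SamAccountName  = $mu.SamAccountName
        ExternalAddress = $external
        ExternalDomain  = ($external -split '@')[-1]
        HiddenFromGAL   = $mu.HiddenFromAddressListsEnabled
        WhenCreated     = $mu.WhenCreated
    }
}

# 3. Summarize by destination domain: mail for these accounts is stored
#    on someone else's servers, outside your retention and discovery scope.
$report |
    Group-Object ExternalDomain |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# 4. Save the per-account detail for review (file name is a hypothetical choice).
$report |
    Sort-Object ExternalDomain, DisplayName |
    Export-Csv -Path .\mail-enabled-users.csv -NoTypeInformation
```

Reviewing the report periodically shows which Active Directory accounts still carry network access while their mail is delivered to an outside organization.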

Concluding Thoughts

So there you have it. Hopefully this clarifies the difference between the two and when it’s best to use them.