none
EWS - Impersonation Doesn't Work RRS feed

  • Question

  • I have rights to send email/calendar appointments as a shared mailbox to other people within Outlook through Exchange 2010, but why does it not allow to send when I try to impersonate the shared mailbox through EWS?  

    If says that I do not have permissions to do the action.

    What access level do I need?

    Monday, February 18, 2013 3:54 AM

All replies

  • EWS Impersonation is a separate permission configured via RBAC that must be given to the account your using see http://msdn.microsoft.com/en-us/library/bb204095.aspx.

    Cheers
    Glen

    Monday, February 18, 2013 5:07 AM
  • Hi Glen,

    I now have impersonation rights to the shared mailbox, but still unable to send as the shared mailbox when using impersonation. I used the instructions in the link below and had my exchange administrator set the permissions for me.

    http://msdn.microsoft.com/en-us/library/exchange/bb204095(v=exchg.140).aspx

    What else is missing that can possibly be disabling my ability to impersonate the mailbox?

    Thursday, February 28, 2013 11:20 PM
  • >> shared mailbox

    What type of shared mailbox are you talking about ? http://technet.microsoft.com/en-us/library/bb201680(v=exchg.150).aspx. By default a Shared Mailbox's Active Directory account will be disabled eg

    "Shared mailboxes   Shared mailboxes aren't primarily associated with individual users and are generally configured to allow access by multiple users.
    Although it's possible to assign additional users the logon access permissions to any mailbox type, shared mailboxes are dedicated for this functionality. The Active Directory user associated with a shared mailbox must be a disabled account. After you create a shared mailbox, you must assign permissions to all users that require access to the shared mailbox"

    Because of this when you try to impersonate it you also impersonate the Disabled context of the account which means your attempt to access exchange won't work because your security context is disabled. So to fix that what you will need to is enable the Active Directory account of the shared mailbox which will then allow you to impersonate it successfully.

    Cheers
    Glen

    Friday, March 1, 2013 5:17 AM