Accessing other mailbox without Impersonation

  • Question

  • I'm working in PowerShell on EX2007. I want to be able to access a mailbox using my fullaccess admin account. When I run the script with impersonation it works fine. When I run the script without impersonation, the script takes action against the admin account, not the user's account. So in my example here, when I expect to create some items in the user's account, they are created in admin's account.

    I have given rights for fullaccess as well as send as and receive as to the service account (which isn't a domain admin, etc.). In OWA the service account can open the user's folders.

    Should this work using full mailbox permissions, or do I have to use impersonation?

    Here's my simple example:

    #Reference to/loading EWS dll
    $dllpath = "C:\Program Files\Microsoft\Exchange\Web Services\1.1\Microsoft.Exchange.WebServices.dll" 
    [void][Reflection.Assembly]::LoadFile($dllpath)

    $emailAddress= "administrator@domain.com"

    $service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2007_SP1)
    #$service.ImpersonatedUserId = New-Object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress, $EmailAddress)
    $service.credentials = new-object system.net.networkCredential ("ewsadmin","password","domain.com")
    $service.AutodiscoverUrl($emailAddress)

    $folderName = "deletedItems"
    $mailbox = [microsoft.exchange.webservices.data.folder]::bind($service,[microsoft.exchange.webservices.data.wellknownfoldername]::$folderName)

    $count = 0
    while ($count -lt 5)
    {

    $message = new-object microsoft.exchange.webservices.data.emailMessage($service)
    $message.subject = "Archive Message "+ $count
    $message.toRecipients.add($emailAddress)
    $message.itemClass = "ipm.note"
    $message.Save($folderName)

    $count
    $count++
    }

     

    Wednesday, March 16, 2011 4:35 PM

All replies

  • You have to act with impersonation in order to act in the context of the user you are working for. Why don't you want to use impersonation?

     


    regards Thomas Paetzold visit my blog on: http://sus42.wordpress.com
    Wednesday, March 16, 2011 9:00 PM
  •  

    I actually stumbled across this today and this has me working.

    I thought all you had to do with delegate permissions (and I guess this doesn't mean "delegate" but just user with mailbox permissions) was to reference the mailbox in autodiscoverurl. But I actually found you have to refer directly to the other mailbox and then bind to it.

    So below, when I bind as $service, I'm binding directly to the other user's folder/mailbox. Looks like without this it just drops back to the creds user.

    $mailBox = new-object Microsoft.Exchange.WebServices.Data.mailbox($emailAddress)

    $fid = new-object Microsoft.Exchange.WebServices.Data.folderID([microsoft.exchange.webservices.data.wellknownfoldername]::$folderName,$mailBox)
    $mailboxFolder = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service,$fid)

    Wednesday, March 16, 2011 9:33 PM
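
The approach from the last reply carried through the question's script, as an added example that is not code from either poster. It goes one step past the reply by also passing the mailbox-qualified FolderId to Save, and it prompts for the service account credential instead of embedding a password. The target address `user@domain.com` and the variable names are assumptions.

```powershell
# Added example: delegate (FullAccess) access to another mailbox without impersonation.
# $targetAddress is a constructed placeholder, not a value from the thread.
$dllpath = "C:\Program Files\Microsoft\Exchange\Web Services\1.1\Microsoft.Exchange.WebServices.dll"
[void][Reflection.Assembly]::LoadFile($dllpath)

$targetAddress = "user@domain.com"   # mailbox the service account has FullAccess on
$cred = Get-Credential               # prompt for the service account; no password in the script

$service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2007_SP1)
$service.Credentials = $cred.GetNetworkCredential()
$service.AutodiscoverUrl($targetAddress)

# Qualify the folder with the target mailbox. A bare WellKnownFolderName
# resolves against the mailbox of the authenticated account.
$mailbox  = New-Object Microsoft.Exchange.WebServices.Data.Mailbox($targetAddress)
$wellKnown = [Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::DeletedItems
$folderId = New-Object Microsoft.Exchange.WebServices.Data.FolderId($wellKnown, $mailbox)

# Bind first: this fails if the account has no rights on the target mailbox,
# so nothing is written when the permission is missing.
try {
    $folder = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service, $folderId)
} catch {
    throw "Cannot open $wellKnown in ${targetAddress}: $($_.Exception.Message)"
}

for ($i = 0; $i -lt 5; $i++) {
    $message = New-Object Microsoft.Exchange.WebServices.Data.EmailMessage($service)
    $message.Subject = "Archive Message $i"
    $message.ToRecipients.Add($targetAddress) | Out-Null
    $message.ItemClass = "IPM.Note"
    # Save to the mailbox-qualified FolderId, not to a bare folder name
    $message.Save($folderId)
}

# Re-bind to read the updated item count from the target mailbox
$folder = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service, $folderId)
"{0} in {1}: {2} items" -f $folder.DisplayName, $targetAddress, $folder.TotalCount
```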