none
Powershell to add delegates without Impersonation

    Question

  • Hello All,
    We have an requirement to add few users in the delegates, we thought of doing it through powershell.
    This is what we found, is there any way we do this without having impersonatization (either through full access, how do we give full access through this EWS method?)?
    (Need to replace those commands highlighted in bold)

    $mbtoDelegate = "user@yourdomain.com"
    $delegatetoAdd = "delegate@youdomain.com"
     
     
    $dllpath = "C:\Program Files\Microsoft\Exchange\Web Services\1.0\Microsoft.Exchange.WebServices.dll"
    [void][Reflection.Assembly]::LoadFile($dllpath)
    $service = new-object Microsoft.Exchange.WebServices.Data.ExchangeService([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2007_SP1)
     
    $windowsIdentity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $sidbind = "LDAP://<SID=" + $windowsIdentity.user.Value.ToString() + ">"
    $aceuser = [ADSI]$sidbind
     
    $service.AutodiscoverUrl($aceuser.mail.ToString())
    $service.ImpersonatedUserId = new-object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress, $mbtoDelegate);
     
    $mbMailbox = new-object Microsoft.Exchange.WebServices.Data.Mailbox($mbtoDelegate)
    $dgUser = new-object Microsoft.Exchange.WebServices.Data.DelegateUser($delegatetoAdd)
    $dgUser.ViewPrivateItems = $false
    $dgUser.ReceiveCopiesOfMeetingMessages = $false
    $dgUser.Permissions.CalendarFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::Editor
    $dgUser.Permissions.InboxFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::Reviewer
    $dgArray = new-object Microsoft.Exchange.WebServices.Data.DelegateUser[] 1
    $dgArray[0] = $dgUser
    $service.AddDelegates($mbMailbox, [Microsoft.Exchange.WebServices.Data.MeetingRequestsDeliveryScope]::DelegatesAndMe, $dgArray);

    Never giveup till you get what to want.

    Friday, April 21, 2017 2:04 AM

All replies

  • #optional: connect to remote Exchange Shell
    $ExchangeServer = ""
    
    $ExchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "http://$ExchangeServer/PowerShell/" -Authentication Kerberos -Credential (Get-Credential)
    
    Import-PSSession $ExchangeSession  
    
    
    #or just run Exchange Shell on an Exchange Server
    
    
    #add full access to a mailbox
    $targetmailbox = ""
    $usertogetpermissions = ""
    
    Add-MailboxPermission -Identity $targetmailbox -User $usertogetpermissions -AccessRight FullAccess -InheritanceType All -Automapping $false #change -Automapping to $true if you want this feature enabled
    
    
    #add send on behalf permissions
    set-mailbox -identity $targetmailbox -GrantSendOnBehalfTo @{Add=$usertogetpermissions}
    



    Friday, April 21, 2017 9:01 AM