# SMTP address of the account to add as a delegate (placeholder)
$delegatetoAdd = "delegate@yourdomain.com"
# Load the EWS Managed API assembly
$dllpath = "C:\Program Files\Microsoft\Exchange\Web Services\1.0\Microsoft.Exchange.WebServices.dll"
[void][Reflection.Assembly]::LoadFile($dllpath)
$service = new-object Microsoft.Exchange.WebServices.Data.ExchangeService([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2007_SP1)
# Look up the logged-on user's mail address in Active Directory by SID and use it for Autodiscover
$windowsIdentity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$sidbind = "LDAP://<SID=" + $windowsIdentity.user.Value.ToString() + ">"
$aceuser = [ADSI]$sidbind
$service.AutodiscoverUrl($aceuser.mail.ToString())
# The mailbox being modified is the logged-on user's own
$mbMailbox = new-object Microsoft.Exchange.WebServices.Data.Mailbox($aceuser.mail.ToString())
# Describe the delegate and the rights it receives: Editor on Calendar, Reviewer on Inbox, no private items
$dgUser = new-object Microsoft.Exchange.WebServices.Data.DelegateUser($delegatetoAdd)
$dgUser.ViewPrivateItems = $false
$dgUser.ReceiveCopiesOfMeetingMessages = $false
$dgUser.Permissions.CalendarFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::Editor
$dgUser.Permissions.InboxFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::Reviewer
# AddDelegates takes an array of delegates
$dgArray = new-object Microsoft.Exchange.WebServices.Data.DelegateUser[] 1
$dgArray[0] = $dgUser
$service.AddDelegates($mbMailbox, [Microsoft.Exchange.WebServices.Data.MeetingRequestsDeliveryScope]::DelegatesAndMe, $dgArray);
This script adds a delegate to the mailbox of the currently logged-on user. If you want to add a delegate to a possibly large number of users, or you are doing this during mailbox provisioning, you may want to use impersonation instead (see http://msdn.microsoft.com/en-us/library/bb204095.aspx). This version of the script uses impersonation to access another user's mailbox and add a delegate.
# SMTP address of the account to add as a delegate (placeholder)
$delegatetoAdd = "delegate@domain.com"
# Mailbox that receives the new delegate (placeholder address; set this to the target mailbox)
$mbtoDelegate = "user@domain.com"
$dllpath = "C:\Program Files\Microsoft\Exchange\Web Services\1.0\Microsoft.Exchange.WebServices.dll"
[void][Reflection.Assembly]::LoadFile($dllpath)
$service = new-object Microsoft.Exchange.WebServices.Data.ExchangeService([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2007_SP1)
# Autodiscover still uses the logged-on (calling) account's own mail address
$windowsIdentity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$sidbind = "LDAP://<SID=" + $windowsIdentity.user.Value.ToString() + ">"
$aceuser = [ADSI]$sidbind
$service.AutodiscoverUrl($aceuser.mail.ToString())
# Act as the owner of the target mailbox for the requests that follow
$service.ImpersonatedUserId = new-object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress, $mbtoDelegate);
$mbMailbox = new-object Microsoft.Exchange.WebServices.Data.Mailbox($mbtoDelegate)
# Same delegate rights as the first script: Editor on Calendar, Reviewer on Inbox, no private items
$dgUser = new-object Microsoft.Exchange.WebServices.Data.DelegateUser($delegatetoAdd)
$dgUser.ViewPrivateItems = $false
$dgUser.ReceiveCopiesOfMeetingMessages = $false
$dgUser.Permissions.CalendarFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::Editor
$dgUser.Permissions.InboxFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::Reviewer
$dgArray = new-object Microsoft.Exchange.WebServices.Data.DelegateUser[] 1
$dgArray[0] = $dgUser
$service.AddDelegates($mbMailbox, [Microsoft.Exchange.WebServices.Data.MeetingRequestsDeliveryScope]::DelegatesAndMe, $dgArray);
I've put a download of the two scripts here
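
To check what a mailbox's delegates can actually do after either script has run, the delegate list can be read back with GetDelegates. This is an added example, not part of the original post or its download; the mailbox address is a placeholder, and it assumes PowerShell 2.0 or later, the DLL path used above, and a caller that is allowed to open the mailbox being inspected.

```powershell
# Added example (not from the original post): read back a mailbox's delegates.
$mailboxToAudit = "user@domain.com"   # placeholder: mailbox to inspect
$dllpath = "C:\Program Files\Microsoft\Exchange\Web Services\1.0\Microsoft.Exchange.WebServices.dll"
[void][Reflection.Assembly]::LoadFile($dllpath)
$service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2007_SP1)
# Same Autodiscover lookup as the scripts above: the caller's own SMTP address.
$windowsIdentity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$aceuser = [ADSI]("LDAP://<SID=" + $windowsIdentity.User.Value + ">")
$service.AutodiscoverUrl($aceuser.mail.ToString())

# Permission levels a delegate can hold on each folder.
[Enum]::GetNames([Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel])

function Get-DelegateReport($service, [string]$smtpAddress) {
    $mbMailbox = New-Object Microsoft.Exchange.WebServices.Data.Mailbox($smtpAddress)
    # $true = also return the per-folder permission levels
    $info = $service.GetDelegates($mbMailbox, $true)
    foreach ($resp in $info.DelegateUserResponses) {
        if ($resp.Result -ne [Microsoft.Exchange.WebServices.Data.ServiceResult]::Success) {
            # Per-delegate failure: report the server's ErrorMessage and move on
            Write-Warning ("{0}: {1}" -f $smtpAddress, $resp.ErrorMessage)
            continue
        }
        $d = $resp.DelegateUser
        New-Object PSObject -Property @{
            Mailbox          = $smtpAddress
            Delegate         = $d.UserId.PrimarySmtpAddress
            Inbox            = $d.Permissions.InboxFolderPermissionLevel
            Calendar         = $d.Permissions.CalendarFolderPermissionLevel
            ViewPrivateItems = $d.ViewPrivateItems
            MeetingCopies    = $d.ReceiveCopiesOfMeetingMessages
        }
    }
}

$report = @(Get-DelegateReport $service $mailboxToAudit)
$report | Format-Table Mailbox, Delegate, Inbox, Calendar, ViewPrivateItems, MeetingCopies -AutoSize

# Delegates holding more than the scripts above grant: private items, or Inbox beyond Reviewer.
$none     = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::None
$reviewer = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::Reviewer
$report | Where-Object { $_.ViewPrivateItems -or ($_.Inbox -ne $none -and $_.Inbox -ne $reviewer) }
```

AddDelegates returns the same kind of per-delegate response objects, so the Result and ErrorMessage check in the loop applies to its return value as well.
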
14 comments:
Great stuff! Exactly what I was looking for... only problem is I can't get it going :-(.
The code itself appears to run ok, however I strike a problem when the last line runs. The CPU usage jumps up to 95-100% but doesn't appear to be doing anything. Have left it running like this for ~10mins before killing it off. This happened on two different Win2003 R2 SP2 servers, using both Powershell 1.0 and 2.0 and the 32bit EWS API.
Did you strike this problem? Can you tell me what you tested this on? ie OS, x64/x86, Powershell version etc. Hopefully if I match what you used, it'll work!
Am really hoping I can get this working. Have a large number of delegates to update... and aren't looking forward to doing it manually :-).
Thanks
Hi have partly resolved my problem above.
Should have mentioned that I was using the second script with the impersonation.
I tried the first without impersonation, which worked fine.
So have concluded this is an issue with impersonation - although I would have thought I'd get access denied or something (perhaps I would have if I left it running longer).
I tried quickly granting myself the impersonation rights but didn't seem to make any difference. May not have done it right.
At any rate - I'm happy with using the first script. Thanks very much Glen!
Hello Glen,
I just tried the script you have here, and ran into an issue with the very last command. The error I got was:
Exception calling "AddDelegates" with "3" argument(s): "The Url property on ExchangeService object must be set."
At line:1 char:22
+ $service.AddDelegates( <<<< $mbMailbox, [Microsoft.Exchange.WebServices.Data.MeetingRequestsDeliveryScope]::DelegatesAndMe, $dgArray);
Any suggestions? Thanks.
This means that autodiscovery of the currently logged on user hasn't worked; this may mean the user you are logged on as doesn't have an Exchange 2007 mailbox. You can manually set the CAS server by using the following lines
$service.AutodiscoverUrl($aceuser.mail.ToString())
$uri=[system.URI] "https://servername/ews/exchange.asmx"
# Assign the URI to the service so requests go to this server
$service.Url = $uri
Cheers
Glen
Hi, this looks very promising and will help me out a lot. I've downloaded and installed EWS Managed API, but how do I use it?
The sample script doesn't look anything like what you can type in the Exchange Management Shell interface like other powershell commands.
I've reviewed the SDK and can not find any info on what all the permission levels are available for setting delegate rights.
Anyway you can provide a little more information on this? I don't do programming at all and this looks to be fairly involved. Was wondering if there was a more "powershell" way of doing this that was a little simpler. Thanks.
Great post... I've been trying to do this sort of thing through EMS for a while now, particularly the permission levels...
I downloaded the sample code and had a little play, and it works great.
Due to the environment I'm in, we're trying to add MailEnabled groups as delegates. Any ideas on how that would be possible?
When running AddDelegates() with a group, it fails with "The delegate does not map to a user in the Active Directory" which is correct, as it is a group and not a user. The API doesn't seem to support adding a group, well not that I could see.
Any ideas/help would be appreciated :)
To use a group as a delegate it has to be a Mail Enabled Universal Security Group. If it's a distribution group then it won't work. Also there is a bug if it's been automatically converted from a UDG to a USG: one problem when this conversion happens is that it doesn't modify the msExchRecipientDisplayType, which still remains at 1. EWS won't let you add a group unless the property value is 1073741833. If you have a group that has been converted to a Universal Security Group and the value of this property isn't set to 1073741833 then that's usually the problem. What you can do is modify this property manually with ADSIEdit. You should take great care when doing so and you should only ever modify the property on a group that is already a Universal Security Group; don't change this value for Global Groups.
Cheers
Glen
Thanks for the reply Glen. The groups I'm using are created specifically as Universal Security Groups that are then mail enabled. I've double checked the msExchRecipientDisplayType and it is set to 1073741833.
I'm suspecting the API just doesn't handle groups?
Glen - this is an awesome post, thank you.
The second script is exactly what I need, except that I need to say
for each userX in X group
{
giveUserZdelegateAccessTo(userX)
[ie your script]
}
What would be the powershell version of this?
Thanks
Not sure I understand the question; this is what this script does, it is PowerShell.
Cheers
Glen
I would love to use this to manage delegates on a resource mailbox. However, Exchange Impersonation fails on resource mailboxes since the underlying account is disabled. Is there any way to use the EWS Managed API to bind to resource mailboxes just using Full Access privs and no impersonation?
In the download there is a version that uses impersonation and one that just uses plain delegate access so if you use the other script for resource mailboxes it should work fine.
Cheers
Glen
Hi Glen,
I tried your second script and got error at the last command:
Exception calling "AddDelegates" with "3" argument(s): "Request failed. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
At C:\SON\delegatefolder.ps1:27 char:22
+ $service.AddDelegates( <<<< $mbMailbox, [Microsoft.Exchange.WebServices.Data.MeetingRequestsDeliveryScope]::DelegatesAndSendInformationToMe, $dgArray);
How can I solve this problem?
Thanks
I also fail to add a group as a delegate. I also checked the msExchRecipientDisplayType property.
ErrorMessage : The delegate does not map to a user in the Active Directory.