With our new add-on it’s now possible to book Exchange rooms and equipment directly from a SharePoint calendar. To use this add-on you may need to assign application impersonation in Exchange to allow the configured user to impersonate all room and equipment mailboxes. This article will explain how to do this.
Use the Exchange management shell to assign application impersonation.
First we need to create a new management scope to allow the configured user to only impersonate room and equipment mailboxes. Next we assign the ApplicationImpersonation role to the user.
# create a new management scope to get all room and equipment mailboxes New-ManagementScope -Name "ResourceMailboxes" -RecipientRestrictionFilter {RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "EquipmentMailbox"} #assign Application impersonation to the configured user account New-ManagementRoleAssignment –Name "ResourceImpersonation" –Role ApplicationImpersonation –User "userAccount" –CustomRecipientWriteScope "ResourceMailboxes"
# create a new management scope to get all room and equipment mailboxes New-ManagementScope -Name "ResourceMailboxes" -RecipientRestrictionFilter {RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "EquipmentMailbox"} #assign Application impersonation to the configured user account New-ManagementRoleAssignment –Name "ResourceImpersonation" –Role ApplicationImpersonation –User "userAccount" –CustomRecipientWriteScope "ResourceMailboxes"
If you want to assign application impersonation in Exchange Online, you can use the remote shell. To use the remote shell, you first have to install the Exchange management tools.
Guide: installing Exchange management tools.
To connect to your O365 Exchange run the following commands:
$UserCredential = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection Import-PSSession $Session
$UserCredential = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection Import-PSSession $Session
Assign application impersonation:
# create a new management scope to get all room and equipment mailboxes New-ManagementScope -Name "ResourceMailboxes" -RecipientRestrictionFilter {RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "EquipmentMailbox"} #assign Application impersonation to the configured user account New-ManagementRoleAssignment –Name "ResourceImpersonation" –Role ApplicationImpersonation –User "userAccount" –CustomRecipientWriteScope "ResourceMailboxes"
# create a new management scope to get all room and equipment mailboxes New-ManagementScope -Name "ResourceMailboxes" -RecipientRestrictionFilter {RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "EquipmentMailbox"} #assign Application impersonation to the configured user account New-ManagementRoleAssignment –Name "ResourceImpersonation" –Role ApplicationImpersonation –User "userAccount" –CustomRecipientWriteScope "ResourceMailboxes"
Be sure to disconnect the remote PowerShell session when you’re finished.
Remove-PSSession $Session
Remove-PSSession $Session
Of course you can also use the Exchange admin center to assign application impersonation (Permissions/Admin roles).
I hope you found this guide useful. If you have any problems or any other questions, please send an e-mail to [email protected] or post a comment.