How to: Assign application impersonation in Exchange

With our new add-on it’s now possible to book Exchange rooms and equipment directly from a SharePoint calendar. To use this add-on you may need to assign application impersonation in Exchange to allow the configured user to impersonate all room and equipment mailboxes. This article will explain how to do this.

Exchange 2010/2013

Use the Exchange management shell to assign application impersonation.

First we need to create a new management scope to allow the configured user to only impersonate room and equipment mailboxes. Next we assign the ApplicationImpersonation role to the user.

# create a new management scope to get all room and equipment mailboxes
New-ManagementScope -Name "ResourceMailboxes" -RecipientRestrictionFilter {RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "EquipmentMailbox"}
#assign Application impersonation to the configured user account
New-ManagementRoleAssignment –Name "ResourceImpersonation" –Role ApplicationImpersonation –User "userAccount" –CustomRecipientWriteScope "ResourceMailboxes"
# create a new management scope to get all room and equipment mailboxes
New-ManagementScope -Name "ResourceMailboxes" -RecipientRestrictionFilter {RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "EquipmentMailbox"}
#assign Application impersonation to the configured user account
New-ManagementRoleAssignment –Name "ResourceImpersonation" –Role ApplicationImpersonation –User "userAccount" –CustomRecipientWriteScope "ResourceMailboxes"

Exchange Online

If you want to assign application impersonation in Exchange Online, you can use the remote shell. To use the remote shell, you first have to install the Exchange management tools.
Guide: installing Exchange management tools.

To connect to your O365 Exchange run the following commands:

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

Assign application impersonation:

# create a new management scope to get all room and equipment mailboxes
New-ManagementScope -Name "ResourceMailboxes" -RecipientRestrictionFilter {RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "EquipmentMailbox"}
#assign Application impersonation to the configured user account
New-ManagementRoleAssignment –Name "ResourceImpersonation" –Role ApplicationImpersonation –User "userAccount" –CustomRecipientWriteScope "ResourceMailboxes"
# create a new management scope to get all room and equipment mailboxes
New-ManagementScope -Name "ResourceMailboxes" -RecipientRestrictionFilter {RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "EquipmentMailbox"}
#assign Application impersonation to the configured user account
New-ManagementRoleAssignment –Name "ResourceImpersonation" –Role ApplicationImpersonation –User "userAccount" –CustomRecipientWriteScope "ResourceMailboxes"

Be sure to disconnect the remote PowerShell session when you’re finished.

Remove-PSSession $Session
Remove-PSSession $Session

Of course you can also use the Exchange admin center to assign application impersonation (Permissions/Admin roles).

Assign application impersonation using the Exchange Admin Center

I hope you found this guide useful. If you have any problems or any other questions, please send an e-mail to [email protected] or post a comment.