Exchange Application Impersonation Test
Exchange Application Impersonation. More and more applications are starting to take advantage of this great feature of Exchange and you as the Exchange administrator have to assign the role. Wouldn't be nice if you had a way to verify that the role has been successfully assigned?
The newest version of my Exchange module - that is 2.2.1 - includes the "Test-ExchangeImpersonation" cmdlet which will allow you to test the application impersonation role assignment.
Before diving into the examples, a few words on the impersonation. Impersonation is used when we need to give access to an account in order to perform actions on mailboxes. When the application impersonation role is assigned to a principal, that principal can act on the mailbox and perform many actions such as reading and sending mail, managing calendar and contacts, etc.
On the examples below, the principal with the impersonation permission is test.impersonation and the mailbox that is going to be impersonated will be test.mailbox.
Fist, we save the credentials of the impersonation account. Next we create an item in the drafts folder by using autodiscover in order to get the EWS url.
In case you want to bypass autodiscover, you may specify the EWS url just like the next call.
Finally, we send a message to test.mailbox@lab.local and after that message is delivered to the mailbox we get the items in the inbox folder.
Please note that it may take several minutes for the role to be assigned so wait before testing the impersonation.
The newest version of my Exchange module - that is 2.2.1 - includes the "Test-ExchangeImpersonation" cmdlet which will allow you to test the application impersonation role assignment.
Before diving into the examples, a few words on the impersonation. Impersonation is used when we need to give access to an account in order to perform actions on mailboxes. When the application impersonation role is assigned to a principal, that principal can act on the mailbox and perform many actions such as reading and sending mail, managing calendar and contacts, etc.
On the examples below, the principal with the impersonation permission is test.impersonation and the mailbox that is going to be impersonated will be test.mailbox.
PS C:\> $cred = Get-Credential test.impersonation@lab.local
PS C:\> Test-ExchangeImpersonation
-PrimarySMTPAddress test.mailbox@lab.local
-Credential $cred -Action CreateDraft -Verbose
VERBOSE: Importing EWS
library.
VERBOSE: Using supplied
credentials.
VERBOSE: Connecting using autodiscover.
VERBOSE: Creating message
in drafts.
PS C:\> Test-ExchangeImpersonation
-PrimarySMTPAddress test.mailbox@lab.local
-Credential $cred -Action CreateSubfolder -EWSUrl "https://mail.lab.local/ews/exchange.asmx"
-Verbose
VERBOSE: Importing EWS
library.
VERBOSE: Using supplied
credentials.
VERBOSE: Connecting using
EWS Url.
VERBOSE: Creating
subfolder "Impersonation Test" in Inbox.
PS C:\> Test-ExchangeImpersonation
-PrimarySMTPAddress test.mailbox@lab.local
-Credential $cred -Action SendMessage -Recipient test.mailbox@lab.local -Verbose
VERBOSE: Importing EWS
library.
VERBOSE: Using supplied
credentials.
VERBOSE: Connecting using autodiscover.
VERBOSE: Sending a message
to test.mailbox@lab.local.
Name :
Address : test.mailbox@lab.local
RoutingType :
MailboxType :
Id :
PS C:\> Test-ExchangeImpersonation
-PrimarySMTPAddress test.mailbox@lab.local
-Credential $cred -Action ListInboxItems -Verbose
VERBOSE: Importing EWS
library.
VERBOSE: Using supplied
credentials.
VERBOSE: Connecting using autodiscover.
Id DateTimeCreated DisplayTo Subject
-- --------------- --------- -------
AAMkADRiN... Test Mailbox TestImpersonation
PS C:\>
Fist, we save the credentials of the impersonation account. Next we create an item in the drafts folder by using autodiscover in order to get the EWS url.
In case you want to bypass autodiscover, you may specify the EWS url just like the next call.
Finally, we send a message to test.mailbox@lab.local and after that message is delivered to the mailbox we get the items in the inbox folder.
Please note that it may take several minutes for the role to be assigned so wait before testing the impersonation.