Configure Exchange Service Account for Meetical (with Delegation)

Exchange Server Mailbox Delegation

This document is intended for Microsoft Exchange / Office admins. It covers the permissions needed for Meetical for Confluence / Meetical Outlook Add-in (EWS Edition). Meetical uses delegation to allow a service account to access users' mailboxes. This way, permissions can be granted at a fine-grained level, per individual folder (e.g. Calendar is a folder in Outlook).

Please reach out to one of our official partners, or open a support ticket with us. We also offer POC and consulting packages.

What permissions or roles are required for Meetical for Confluence?

If you use roles, we recommend the role: Author. Recommended Permissions: ReadItems, FolderVisible, EditOwnedItems

Required Permissions for Meetical 3.x → ReadItems, FolderVisible (or role Reviewer)

We recommend setting EditOwnedItems as well, to be prepared for Meetical 4.x (auto-create and link recurring meetings).

How to delegate calendar access

The first step is to create a new service account user. Then, for every user who should be able to use Meetical for Confluence, delegate access to that user's Calendar folder to the service account.

Example to delegate access for Calendar folder to user ews-service-account (Author role):

Add-MailboxFolderPermission -Identity user@mydomain.com:\Calendar -User ews-service-account -AccessRights Author

PowerShell commands

There are 4 Exchange PowerShell cmdlets to manage mailbox folder permissions, i.e. delegation. Each one is described in the Microsoft documentation portal:

Add-MailboxFolderPermission (add permission)
Get-MailboxFolderPermission (read permission)
Remove-MailboxFolderPermission (remove permission)
Set-MailboxFolderPermission (modify permission)

Here are some more examples.

Examples

1 - Command to read current mailbox folder permissions for Alice and Bruce:

We can see that ewsuser2 has Author access rights to Alice’s mailbox. For Bruce’s mailbox ewsuser2 and Alice have Author access rights.

Tip: If you work in a multi-language environment, you might find that the Calendar folders are named according to the user’s language (Kalender, Calendar etc.). You might find this resource helpful for writing a script to set the folder permissions: https://evotec.xyz/powershell-changing-exchange-folder-permissions-in-multilanguage-office-365-tenants/

2 - When delegating permissions we can choose which access rights to assign.

We can use individual permissions such as ReadItems or Roles such as Author which are a composition of multiple permissions.

List of permissions and roles: https://docs.microsoft.com/en-us/powershell/module/exchange/add-mailboxfolderpermission?view=exchange-ps#parameters

3 - Let’s make ewsuser3 Author of Mila’s mailbox and Reviewer of Mike’s mailbox:

4 - Let’s check the results:

5 - That’s it!

Now use the service account and test the delegation rights via Confluence → Settings → Meetical Configuration.

Additional Tips

Use variables in command

$ServiceUser = "svc_tst_confluence_meetical-svc"
$Group = "sg_tst_confluence_meetical_calendar-author"
$Accessrights = "Author"
# $member must hold the mailbox of one user, e.g. the current member of $Group inside a loop
Add-MailboxFolderPermission -Identity "$($member):\Calendar" -User $ServiceUser -AccessRights $Accessrights

For multi-language environment

Calendar folders have different names depending on the mailbox language, e.g. EN = Calendar, FR = Calendrier, DE = Kalender.

https://evotec.xyz/powershell-changing-exchange-folder-permissions-in-multilanguage-office-365-tenants/

# Write-Color is provided by the PSWriteColor module
$Mailboxes = Get-Mailbox -RecipientTypeDetails RoomMailbox
$Count = 0
foreach ($Mailbox in $Mailboxes) {
    $Count++
    # Query the calendar folders of the mailbox, whatever their localized name is
    $Folder = Get-MailboxFolderStatistics -Identity $($Mailbox.UserPrincipalName) -FolderScope Calendar #-ErrorAction Stop
    Write-Color "[", $Count, '/', $Mailboxes.Count, '] ', "Processing ", $Mailbox.UserPrincipalName -Color Yellow, White, Yellow, White, Yellow, White, Green
    foreach ($F in $Folder) {
        # Match on the folder type instead of the folder name
        if ($F.FolderType -eq 'Calendar') {
            $CalendarPath = $F.FolderPath -Replace '/', '\'
            # -WhatIf only previews the change; remove it to apply
            Set-MailboxFolderPermission -Identity "$($Mailbox.UserPrincipalName):$CalendarPath" -User Default -AccessRights LimitedDetails -ErrorAction SilentlyContinue -WhatIf
            Set-CalendarProcessing -Identity $Mailbox.UserPrincipalName -AddOrganizerToSubject $true -DeleteComments $false -DeleteSubject $false -ErrorAction SilentlyContinue -WhatIf
            Write-Color -Text "[", $Count, '/', $Mailboxes.Count, '] ', "Processed ", $Mailbox.UserPrincipalName, ' on folder type ', $F.FolderType, ' path ', $CalendarPath `
                -Color Yellow, White, Yellow, White, Yellow, White, Yellow, White, Green
        }
    }
}

Check result

Get-MailboxFolderStatistics -Identity $($Mailbox.UserPrincipalName) | Format-Table -AutoSize Name, FolderPath, FolderType, CreationTime, Date, LastModifiedTime
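
The two tips above can be combined into one run that grants the service account only the individual permissions recommended on this page, finds each user's Calendar folder by type instead of by name, and reads every entry back. This is an added example, not Meetical's or Microsoft's own script; the helper name Get-CalendarFolderIdentity is hypothetical, the account and group names are the sample values from this page, and the group is assumed to be mail-enabled.

```powershell
# Added example. Assumes a connected Exchange PowerShell session and that $Group
# is a mail-enabled group (readable with Get-DistributionGroupMember).
$ServiceUser  = 'svc_tst_confluence_meetical-svc'
$Group        = 'sg_tst_confluence_meetical_calendar-author'
# Individual permissions recommended on this page (narrower than the Author role).
$AccessRights = 'ReadItems', 'FolderVisible', 'EditOwnedItems'

# Hypothetical helper: returns "mailbox:\<localized calendar path>" or nothing.
function Get-CalendarFolderIdentity {
    param([Parameter(Mandatory)][string]$Mailbox)
    # Select the default calendar by folder type, not by its localized name.
    $folder = Get-MailboxFolderStatistics -Identity $Mailbox -FolderScope Calendar |
        Where-Object { $_.FolderType -eq 'Calendar' } |
        Select-Object -First 1
    if ($folder) { '{0}:{1}' -f $Mailbox, ($folder.FolderPath -replace '/', '\') }
}

# Only user mailboxes have a calendar to delegate; skip contacts and nested groups.
$members = Get-DistributionGroupMember -Identity $Group -ResultSize Unlimited |
    Where-Object { $_.RecipientType -eq 'UserMailbox' }

$report = foreach ($member in $members) {
    $mailbox  = [string]$member.PrimarySmtpAddress
    $identity = Get-CalendarFolderIdentity -Mailbox $mailbox
    $row = [ordered]@{ Mailbox = $mailbox; Folder = $identity; Status = ''; AccessRights = '' }
    if (-not $identity) {
        $row.Status = 'NoCalendarFolder'
        [pscustomobject]$row
        continue
    }
    try {
        # Add fails when an entry already exists, so update an existing entry instead.
        $existing = Get-MailboxFolderPermission -Identity $identity -User $ServiceUser -ErrorAction SilentlyContinue
        if ($existing) {
            Set-MailboxFolderPermission -Identity $identity -User $ServiceUser -AccessRights $AccessRights -ErrorAction Stop
        } else {
            Add-MailboxFolderPermission -Identity $identity -User $ServiceUser -AccessRights $AccessRights -ErrorAction Stop | Out-Null
        }
        # Read the entry back so the report shows the effective rights, not the requested ones.
        $granted = Get-MailboxFolderPermission -Identity $identity -User $ServiceUser -ErrorAction Stop
        $row.Status = 'OK'
        $row.AccessRights = $granted.AccessRights -join ','
    } catch {
        # Record the failure per mailbox instead of suppressing it.
        $row.Status = "Failed: $($_.Exception.Message)"
    }
    [pscustomobject]$row
}
$report | Format-Table -AutoSize
```

Appending -WhatIf to the Add-MailboxFolderPermission and Set-MailboxFolderPermission calls previews the changes without applying them.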