Configure Exchange Service Account for Meetical (with Delegation)

Owned by Lukas Gotter _ Meetical
Last updated: Jul 25, 2024
3 min read

Exchange Server Mailbox Delegation

This document is intended for Microsoft Exchange / Office Admins. It covers the permissions needed for Meetical for Confluence / Meetical Outlook Add-in (EWS Edition). Meetical uses Delegation as approach to allow a service account access the user’s mailboxes. This way permissions can be granted on a very fine granular level and based on individual folders (e.g. Calendar is a folder in Outlook).

Please reach out to one of our official partners, or open a support ticket with us. We also offer POC and consulting packages.

What permissions or roles are required for Meetical for Confluence?

Required Permissions for Meetical 3.x are: ReadItems, FolderVisible (or role Reviewer)

For the future, if we add automated page creation and linking and/or the internal calendar macro (similar to the Cloud version), the App will require EditOwnedItems and Author role.

How to delegate calendar access

The first step is to create a new service account user. Then you delegate access for that user to any user who should be able to use Meetical for Confluence.

Example to delegate access for Calendar folder to user ews-service-account (Reviewer role):

Add-MailboxFolderPermission -Identity user@mydomain.com:\Calendar -User ews-service-account - AccessRights Reviewer

PowerShell commands

There are 4 Exchange PowerShell cmdlets to manage mailbox permissions, i.e. delegation. Here they are including links to Microsoft documentation portal:

Add-MailboxFolderPermission (add permission)
Get-MailboxFolderPermission (read permission)
Remove-MailboxFolderPermission (remove permission)
Set-MailboxFolderPermission (modify permission)

Here are some more examples.

Examples

1 - Command to read current mailbox folder permissions for Alice and Bruce:

We can see that ewsuser2 has Author access rights to Alice’s mailbox. For Bruce’s mailbox ewsuser2 and Alice have Author access rights.

Tipp: If you work in a multi-language environment, you might find that the Calendar folders are named in accordance to the user’s language (Kalender, Calendar etc.). You might find this resource helpful to write a script to set the folder permissions Changing Exchange folder permissions in multilanguage Office 365 tenants - Evotec

2 - When delegating permissions we can choose which access rights to assign.

We can use individual permissions such as ReadItems or Roles such as Author which are a composition of multiple permissions.

List of permissions and roles: Add-MailboxFolderPermission (ExchangePowerShell)

3 - Let’s make ewsuser3 Author of Mila’s mailbox and Reviewer of Mike’s mailbox:

4 - Let’s check the results:

5 - That’s it!

Now use the service account and test Delegation Rights via Confluence → Settings → Meetical Configuration.

 

Additional Tips

Use variables in command

$ServiceUser = "svc_tst_confluence_meetical-svc”$Group = "sg_tst_confluence_meetical_calendar-author”$Accessrights = "Author" Add-MailboxFolderPermission -Identity "$($member):\Calendar" -user $ServiceUser -AccessRights $Accessrights

 

For multi-language environment

Calendar folders have different names, e.g. EN= Calendar, FR =Calender, DE = Kalender

Changing Exchange folder permissions in multilanguage Office 365 tenants - Evotec

$Mailboxes = Get-Mailbox -RecipientTypeDetails RoomMailbox $Count = 0 foreach ($Mailbox in $Mailboxes) { $Count++ $Folder = Get-MailboxFolderStatistics -Identity $($Mailbox.UserPrincipalName) -FolderScope Calendar #-ErrorAction Stop Write-Color "[", $Count, '/', $Mailboxes.Count, '] ', "Processing ", $Mailbox.UserPrincipalName -Color Yellow, White, Yellow, White, Yellow, White, Green foreach ($F in $Folder) { if ($F.FolderType -eq 'Calendar') { $CalendarPath = $F.FolderPath -Replace '/', '\' Set-MailboxFolderPermission -Identity "$($Mailbox.UserPrincipalName):$CalendarPath" -User Default -AccessRights LimitedDetails -ErrorAction SilentlyContinue -WhatIf Set-CalendarProcessing -Identity $Mailbox.UserPrincipalName -AddOrganizerToSubject $true -DeleteComments $false -DeleteSubject $false -ErrorAction SilentlyContinue -WhatIf Write-Color -Text "[", $Count, '/', $Mailboxes.Count, '] ', "Processed ", $Mailbox.UserPrincipalName, ' on folder type ', $F.FolderType, ' path ', $CalendarPath ` -Color Yellow, White, Yellow, White, Yellow, White, Yellow, White, Green } } }

Check result

Get-MailboxFolderStatistics -Identity $($Mailbox.UserPrincipalName) | Format-Table -AutoSize Name, FolderPath, FolderType, CreationTime, Date, LastModifiedTime