Exchange - Advanced

Exchange - Advanced

Authentication and primary setup in Exchange import module

 

Introduction

This guide is primarily about how to prepare Exchange to work optimally with the booking system and how to set up authentication.

There are three scenarios in which the Exchange module can import calendar data, provided that there is EWS (Exchange Web Service) access to the installation.


Overview:

  1. Correctly created RoomList group in Exchange Management Shell (PowerShell)
  2. Simple setup without impersonation rights to the premises (Room Mailboxes).
    Setup with impersonation rights on the premises (Room Mailboxes)
    An important note (about topic and organizer settings in Exchange)
  3. Creating a Service Account in Office 365


Setting up point 2 (Not possible on versions before Exchange 2010)

Setting up item 2 requires that a RoomList distribution group has been (or will be) created in Exchange as well as a service account user with technical access to Exchange.


This can easily be a user created solely for the purpose of importing calendar data into the booking system. For the need in Q-Cal, it is extra good if a purpose-dedicated RoomList is created as below (This can also be changed in the Exchange module, of which under the item Local list user):

 

Note In the examples below, I use the identity infoscreens with "s" on the suffix.


In PowerShell:

New-DistributionGroup -PrimarySmtpAddress " infoscreens@ditfirma.dk" -Name "Info Screen List" -DisplayName "Info Screen List"
HTML



After creating In PowerShell, the distribution group must be set as RoomList:Efter oprettelse I PowerShell, skal distributionsgruppen sættes som RoomList:

Set-DistributionGroup -Identity "infoscreens@ditfirma.dk" -RoomList
HTML


To assign rooms (Room Mailboxes) to the distribution list, use the following command on each local mailbox:

Add-DistributionGroupMember -Identity "infoscreens@ditfirma.dk" 
 -Member "modelokale@ditfirma.dk"
HTML


If you do not want to continue with Setup with impersonation rights, use the setup below on app.q-cal.net.


Example on configuration in på app.q-cal.net



Setup with impersonation rights

In this setup, a Service Account must be used for login, which will have access to the premises' individual calendars. Let us assume as an example that this account is called q-cal@ditfirma.dk with password 12345678.

Note: NordicScreen does not recommend using easy passwords for this type of setup. Feel free to use a minimum of 16 characters with a mixture of uppercase and lowercase letters, characters and numbers.


First create a restriction filter in PowerShell:

New-ManagementScope -Name "Q-Cal Impersonation Scope" 
 -RecipientRestrictionFilter { RecipientTypeDetails -eq "RoomMailbox" }
HTML


If errors occur in this connection, eg on online versions of Exchange, the following may need to be performed first: (The command allows you to create security filters and please note: the execution of it may take up to several minutes)

Enable-OrganizationCustomization
HTML

Then the scope above must be assigned to the service account q-cal@ditfirma.dk:

New-ManagementRoleAssignment –Name "RoomSync-RoomImpersonation" 
HTML
–Role ApplicationImpersonation –User "q-cal@ditfirma.dk" 
HTML
–CustomRecipientWriteScope "Q-Cal Impersonation Scope"
HTML



Example on setup in app.q-cal.net





For more information on handling Room Mailboxes:

Impersonation and EWS in Exchange

Exchange Server 2010 Room Mailboxes Step by Step Guide

A Look at Exchange Server 2013 Resource Mailboxes

Exchange2013: Create and manage room mailboxes and Room lists

Why Robin uses Impersonation instead of Delegate Access

Resource mailbox's calendar shows the organizer's name instead of the subject in an Exchange Server environment

 

Important

We have seen examples of Exchange inserting the meeting author's name instead of the subject field. This is not a bug, but a feature that can be turned on and off. To turn it off, you can do the following in PowerShell on each of your local mailboxes.

Set-CalendarProcessing -Identity <RESOURCEMAILBOX> -DeleteSubject $False 
HTML
-AddOrganizerToSubject $False
HTML


 

Creating a Service Account in Office 365

For those who need to know more about setting up a separate service account in Office 365 (Online), this is quite simple.


First, log in as an administrator on your Office subscription. This administrator must have an overriding permission to create users and assign roles.


When you are logged in, you will e.g. be greeted with the following:



Below, click on Admin, after which the following page will appear:



Then click on "Add user" and fill in the page (Basic) as below.
(Username is the same as the username you will later log in with).

Remember:
1. Create a long password, if necessary. use Google Chrome's 'Suggest Password' feature which provides a relatively secure code and possibly add some non-alphabetical symbols.
2. Uncheck "Require user to change their password the first time they log in"

 


Under Product licenses, select Denmark in location and tick "Create user without product license (not recommended)".



Under (1) "Optional Settings", open "Roles" and uncheck "User", but instead assign the role "Exchange Administrator" and "Service Administrator".

 


The window will then look like this:

 

If this can be approved, select "Finish Add-on" and you are done creating it yourself.




Then go back to the "Microsoft 365 Administration" admin panel and tap "Exchange" under "Administration" in the menu on the left.




In the "Exchange Administration" window, select "Permissions".



Sources:

https://www.sharepointsapiens.com/blog/how-to-configure-a-service-account-in-office-365/

https://stackoverflow.com/questions/54635471/why-does-ews-api-returns-errornonexistentmailbox-error

 

  

 


 

 

Simple mailbox with access to calendar data

This scenario assumes a simple mailbox account (ie not a Service Account). This account must be invited to all meetings to be displayed on the info screen.


Example in app.q-cal.net





Example of setting the Specific mailbox if only one calendar is accessible.








    • Related Articles

    • Exchange - Simple

      Authentication and primary setup in Exchange import module Introduction This guide is primarily about how to prepare Exchange to work optimally with the booking system and hence how to set up authentication. There are three scenarios in which the ...
    • Q-Cal booking app - Advanced

      Instructions on setting up Q-Cal Android app. Note: For references below to “website”, see https://app.q-cal.net/Views/MeetingRooms/ The Q-Cal Android app is compatible with devices running Android 4.1 up to at least Android 8.1. When installing the ...
    • How to make your meeting room display show green during meetings

      This guide will show you how to make your meeting room display show green during meetings. 1. Log in to Q-Cal 2. Click on Views. 3. Hereafter choose Meeting Room Displays. 4. Click on the Gear-Icon next to the desired meeting room display. 5. Expand ...
    • How to only show "Public" meetings

      If you only want to show "Public" meetings on your Q-Cal SignangeViews/Screen, follow this guide that shows how you set it up. Part 1: Turn on "Mark meetings as public if subject starts with *". 1. Log in to Q-Cal in your browser, and click on Main ...
    • Microsoft Office 365

      1. The first step, is to login on Q-cal. 2. Now click on Main Menu and select Calender Integrations. 3. Next step, click on the "+" 4. Select "Microsoft Office 365". 5. Here can you see all the settings for the integration, click on Microsoft ...