Introduction
This guide is primarily about how to prepare Exchange to work optimally with the booking system and hence how to set up authentication.
There are three scenarios in which the Exchange module can import calendar data, provided that there is EWS (Exchange Web Service) access to the installation.
Overview:
Setting up point 1. a. (Not possible on versions before Exchange 2010)
Setting up item 1 requires that a RoomList distribution group has been (or will be) created in Exchange as well as a service account user with technical access to Exchange. This can easily be a user who is created solely for the purpose of importing calendar data into the booking system. For the need in Q-Cal, it is extra good if a purpose-dedicated RoomList is created as below (This can also be changed in the Exchange module, of which under the item Local list user):
Note In the examples below, I use the identity infoscreens with "s" on the suffix.
In PowerShell:
New-DistributionGroup -PrimarySmtpAddress " infoscreens@ditfirma.dk" -Name "Info Screen List" -DisplayName "Info Screen List"
After creating In PowerShell, the distribution group must be set as RoomList:
Set-DistributionGroup -Identity "infoscreens@ditfirma.dk" -RoomList
To assign rooms (Room Mailboxes) to the distribution list use the following command on each local mailbox:
Add-DistributionGroupMember -Identity "infoscreens@ditfirma.dk" -Member "modelokale@ditfirma.dk"
If you do not want to proceed to point 1. b. (Setup with impersonation rights), use the setup below on app.q-cal.net.
Setup point 1. b. (Setup with impersonation rights)
This setup is a continuation of point 1. a.
In this setup, a Service Account must be used for login, which will have access to the premises' individual calendars. Let us assume as an example that this account is called q-cal@ditfirma.dk with password 12345678.
Note: NordicScreen does not recommend using easy passwords for this type of setup. Feel free to use a minimum of 16 characters with a mixture of uppercase and lowercase letters, characters and numbers.
First create a restriction filter in PowerShell:
New-ManagementScope -Name "Q-Cal Impersonation Scope" -RecipientRestrictionFilter { RecipientTypeDetails -eq "RoomMailbox" }
If errors occur in this connection, eg on online versions of Exchange, the following may need to be performed first: (The command allows you to create security filters and please note: the execution of it may take up to several minutes)
Enable-OrganizationCustomizationThen the scope above must be assigned to the service account q-cal@ditfirma.dk:
New-ManagementRoleAssignment –Name "RoomSync-RoomImpersonation" –Role ApplicationImpersonation –User "q-cal@ditfirma.dk"
–CustomRecipientWriteScope "Q-Cal Impersonation Scope"
Impersonation and EWS in Exchange
Exchange Server 2010 Room Mailboxes Step by Step Guide
A Look at Exchange Server 2013 Resource Mailboxes
Exchange2013: Create and manage room mailboxes and Room lists
Why Robin uses Impersonation instead of Delegate Access
Point 1. c. - An important remark
We have seen examples of Exchange inserting the meeting author's name instead of the subject field. This is not a bug, but a feature that can be turned on and off. To turn it off, you can do the following in PowerShell on each of your local mailboxes.
Set-CalendarProcessing -Identity <RESOURCEMAILBOX> -DeleteSubject $False
-AddOrganizerToSubject $FalsePoint 1. d. - Creating Service Account in Office 365
For those who need to know more about setting up a separate service account in Office 365 (Online), this is quite simple.
First you need to log in as an administrator for your Office subscription. This administrator must have an overall permission to create users and assign roles to them.
When you are logged in, e.g. be greeted with the following:
Below, click on Admin, after which the following page will appear:
Then tap Add user and fill in the page (Basic) as below.
(Username is the same as the username you will later log in with).
Remember:
Under Product Licenses select Denmark in location and tick
"Create user without product license (not recommended)".
Under (1) Optional Options, open Roles and uncheck User, but instead assign the role of Exchange Administrator and Service Administrator.
Finally the window will look like this:
If this can be approved, select Finish Add-on and you are done with the creation itself.
Then go back to the Microsoft 365 Administration admin panel and tap Exchange under Administration in the menu on the left.
In the Exchange Administration window, select Permissions.
Sources:
https://www.sharepointsapiens.com/blog/how-to-configure-a-service-account-in-office-365/
https://stackoverflow.com/questions/54635471/why-does-ews-api-returns-errornonexistentmailbox-error
Setting up item 2. (Simple mailbox, with access to calendar data)
This scenario assumes a simple mailbox account (ie not a Service Account). This account must be invited to all meetings to be displayed on the info screen.
Example of point 2. setup on app.q-cal.net
Find advanced guides to Exchange her.