Exchange 2010/2013: Query the calendar of a room mailbox with EWS

Frank Zöchling

10 years ago

Here again a small script from the Quick&Dirty corner. Querying the calendar of a room mailbox via EWS and Powershell. The script retrieves all calendar entries from the current time to 365 days in the future, or a maximum of 200 entries. The results are saved in the variable $results and can then be processed further.

$MailboxName = "Besprechungsraum@frankysweb.de"
$EWSPath = "C:\Program Files\Microsoft\Exchange\Web Services\2.2\Microsoft.Exchange.WebServices.dll"

Add-Type -Path $EWSPath
$version = [Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2010_SP2 
 
$service = new-object Microsoft.Exchange.WebServices.Data.ExchangeService($version)  
$service.ImpersonatedUserId = new-object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress,$MailboxName);
$service.AutodiscoverUrl($mailboxName)

$calendar = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service,[Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Calendar)
$calendarView = new-object Microsoft.Exchange.WebServices.Data.CalendarView([System.DateTime]::Now, [System.DateTime]::Now.AddDays(365))
$calendarView.MaxItemsReturned = 200;
$calendarView.PropertySet = new-object Microsoft.Exchange.WebServices.Data.PropertySet([Microsoft.Exchange.WebServices.Data.BasePropertySet]::FirstClassProperties)

$results = $calendar.FindAppointments($calendarView)

$results | ft subject,start,end

In order to access a room mailbox via EWS, the user executing the script must have impersonation rights. The following command can be used to assign impersonation rights to a user:

New-ManagementRoleAssignment -Name impersonationAssignmentName -Role ApplicationImpersonation -User EWSServiceAccount

Damit erhält der Benutzer „EWSServiceAccount“ Impersonationsrechte auf allen Postfächern, dies lässt sich aber auch weiter eingrenzen:

New-ManagementScope -name Besprechungsraum -RecipientRestrictionFilter {Name –eq "Besprechungsraum"}
New-ManagementRoleAssignment –Name impersonationAssignmentName –Role ApplicationImpersonation –User EWSServiceAccount –CustomRecipientWriteScope Besprechungsraum

Der Befehl oben erzeugt einen neuen Management Bereich der nur den Benutzer „Besprechungsraum“ enthält. Die Impersonationsrechte gelten also nur für den Benutzer EWSServiceAccount für das Postfach „Besprechungsraum“.