Exchange IP: Opening other mailboxes

May 1, 2012 at 12:13 AM

Just getting started with SCORCH, but have some experience with using EWS with PowerShell.

Unless I'm misunderstanding the configuration setup, in order to monitor or open a mailbox using an Activity, you must first add that mailbox to the list in the Configuration. The identity used in that list appears to be the domain user name, and you must include the password for that account. The Activity will then use those credentials to access the mailbox owned by that account.

There doesn't appear to be any way to open another mailbox using delegated or impersonated access. 

This means it's impossible to use it to monitor a service mailbox that's been set up with a disabled account, and fairly impractical to use it for monitoring any mailbox associated with an account that has a volatile password.

Is this by design, or am I missing something in configuration or understanding how it works?

Coordinator
May 1, 2012 at 12:22 AM

Hey,

You are correct that the IP does not currently support accessing other mailboxes using delegation. If you would like to work on adding that feature let me know and we can discuss the changes you propose. This has been a feature that I have been looking at adding for some time but have not had an internal business case that demands it and as such have not added the functionality.

As to the volatile password account problem I am not sure how being able to provide an override to that at runtime would help the problem? Are you envisioning something that goes out before it runs each action, looks up the password in some sort of database (keypass and the like) then inserts that into the exchange object? As it stands now, if the account's password changes you need to go into the system and update the password field for the account (which is then in turn stored encrypted in the DB). You will find this is the case for most actions in Orchestrator.

May 1, 2012 at 1:05 AM

I was envisioning a process that uses a service account with a persistent password, being able to do things like monitor non-user/service mailboxes and process incoming email (remove and save attachments, report on delivery failures, etc.), or open resource mailbox calendars, and use that information to update a web page that shows information about the meetings that day, or send emails to anyone who might need to do seating setup or make sure equipment is available prior to the meetings, make sure lunch is ordered, etc.

Also scheduling things like enable/disable OOF and changing UM greetings for the Help Desk mailbox and phones at specified times.

I don't mind helping with the implementation if I can, but my coding expertise is limited to PowerShell (I am but a lowly Exchange admin).

Coordinator
May 1, 2012 at 10:08 PM

Hey,

I have updated the IP to support the impersonation use case, testing it right now, stay tuned.

-Ryan

May 1, 2012 at 10:36 PM

Thank you!

Looking forward to trying it out.

Came up with another solution that uses a .NET (PowerShell) script, and uses creds stored as encrypted variables. It works, but it isn’t exactly pretty…..

Coordinator
May 2, 2012 at 4:30 PM

Try http://scorch.codeplex.com/releases/view/87100 and let me know how it works for you.  I don't have access to an account that has permissions to open other mailboxes but I believe the code is correct.

-Ryan