Category Archives: Exchange

EWS & .NET how to get started

Getting started with Exchange Web Service (EWS)

Firstly you might want to configure your security groups as per my article titled “Exchange Web Service (EWS) configuration” then return and continue.

EWS is a powerful way to access Microsoft Exchange over https. Doing this via .NET is a doddle.

I am going to assume you know how to add a web reference to your .net project.

Your Exchange server will be publishing EWS on the following URL

https://<DomainName|IPAddress|ServerName>/EWS/Services.wsdl

All you need to do is add a web reference to your .NET project by pointing to the above URL. The important thing to remember is that you will actually be using a different URL when it comes to binding in code. The URL shape will be like this

https://<DomainName|IPAddress|ServerName>/EWS/exchange.asmx

Once you have your web reference in place, and in this example we will be calling the reference EWS, the first thing you are going to need to do is declare a new instance like so

GetNewEWSBinding() returns a binding. The binding is on one of the mailboxes within the sgEWSImpersonateAble security group described in the article mentioned at the beginning of this one.
The following version of the function has a default binding mailbox defined in a variable at the package level of the SSIS package this script task resides in. It also checks an InTest switch to swap between two mailboxes depending on whether you are in test or production. Binding credentials can be configured manually for a specific user; this user must be a member of the security group sgEWSImpersonate, as described in the article mentioned at the beginning of this one. Finally, there is an optional override parameter if you wish to bind to a specific mailbox instead of the default.
You can amend this to your requirements.

As soon as you have your binding you are ready to start working with the mailbox.

In my next article on EWS, I will discuss how to declare your EWS binding objects using object initialisers, so that you can declare and run requests against EWS using less code.
ie Dim x as object With {.parameter = value, .parameter = value}
Example

Exchange Web Service (EWS) configuration


The idea here is to create two groups within Active Directory. The first group (sgEWSImpersonateAble) will contain the mailbox accounts whose mailbox objects you wish to allow access to and manipulation of. The second group (sgEWSImpersonate) will contain the accounts you wish to allow access to the accounts within the first group.

What we want to do is

  • AD – Create a security group (sgEWSImpersonateAble). This group will hold the accounts we want to be able to impersonate (e.g. testAccounts, devsystems, etc.)
  • AD – Create a security group (sgEWSImpersonate). This group will hold the accounts we want to allow impersonation of the accounts in the group sgEWSImpersonateAble
  • EX – Create a Scope (scopeEWSImpersonate). We use this scope to link the ApplicationImpersonation Exchange role to the security group created in the previous step, i.e. we assign the scope to the security group sgEWSImpersonateAble
  • EX – Create a RoleAssignment (mraEWSImpersonation). This Management Role Assignment will be used to tie the ApplicationImpersonation role to the scope. This then completes the loop between AD and Exchange

Follow these steps

  1. Create the Security Group in AD (it can be mail enabled or not, it makes no difference)
    Group Name: sgEWSImpersonateAble
    Group Description: Exchange Web Service Impersonation, accounts in this group will grant members of the group sgEWSImpersonate impersonation ability via Exchange Web Service calls
    Group Members: TestAccounts, testsqlmailuser, etc.
  2. Create the Security Group in AD (it can be mail enabled or not, it makes no difference)
    Group Name: sgEWSImpersonate
    Group Description: Exchange Web Service Impersonation, accounts in this group will be able to impersonate members of the group sgEWSImpersonateAble via Exchange Web Service (EWS) calls
    Group Members: Developer1, Developer2, Sysadmin1, svcAccount, etc.
  3. Create the Scope (this only needs to be run once). In the Exchange Management PowerShell console run the following; this will link the scope to the group.

    Get the location of the security group we created for the accounts to impersonate
    >$sgEWSImpersonateAble = $(Get-DistributionGroup sgEWSImpersonateAble).Identity.DistinguishedName

    Verify we have it by looking at the variable
    >$sgEWSImpersonateAble
    CN=sgEWSImpersonateAble,OU=OrganisationalUnitContainingTheGroup,DC=DomainName,DC=local

    Now create the Scope, linking it to the group
    >New-ManagementScope -Name:scopeEWSImpersonate -RecipientRestrictionFilter:"MemberOfGroup -eq '$sgEWSImpersonateAble'"

  4. Create the Role Assignment (to link the scope to the group containing the accounts we want to allow impersonation to)

    >New-ManagementRoleAssignment -Name:mraEWSImpersonation -Role:ApplicationImpersonation -SecurityGroup "sgEWSImpersonate" -CustomRecipientWriteScope:scopeEWSImpersonate

To cut a long story short, execute the following in the Exchange Management PowerShell console. Replace the names with those you would prefer.

>$sgEWSImpersonateAble = $(Get-DistributionGroup sgEWSImpersonateAble).Identity.DistinguishedName
>$sgEWSImpersonateAble
CN=sgEWSImpersonateAble,OU=OrganisationUnitContainingTheGroup,DC=Domain,DC=local
>New-ManagementScope -Name:scopeEWSImpersonate -RecipientRestrictionFilter:"MemberOfGroup -eq '$sgEWSImpersonateAble'"
>New-ManagementRoleAssignment -Name:mraEWSImpersonation -Role:ApplicationImpersonation -SecurityGroup "sgEWSImpersonate" -CustomRecipientWriteScope:scopeEWSImpersonate

Now you can add and remove people and mailboxes to and from the two groups to allow impersonation of mailboxes from accounts.
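
A read-only check of the result, added here as an example and not part of the original article: it confirms the scope really references the group, reviews every ApplicationImpersonation assignment for a missing scope, and lists who can impersonate whom. It assumes the group, scope and assignment names used above, and it uses Get-Group for the lookup so the group resolves whether or not it is mail enabled.

```powershell
# Added example: read-only audit, run in the Exchange Management Shell.
# Names below are the ones used in this article; change them to match yours.
$ableGroup = 'sgEWSImpersonateAble'
$scopeName = 'scopeEWSImpersonate'

# 1. The scope filter must contain the group's distinguished name. If the
#    variable was empty when New-ManagementScope ran (for example because the
#    group lookup failed), the filter will not reference the group at all.
$dn     = (Get-Group -Identity $ableGroup).DistinguishedName
$scope  = Get-ManagementScope -Identity $scopeName
$filter = [string]$scope.RecipientFilter
if (-not $dn -or $filter.IndexOf($dn, [StringComparison]::OrdinalIgnoreCase) -lt 0) {
    Write-Warning "Scope '$scopeName' does not reference $ableGroup. Filter: $filter"
}

# 2. Review every ApplicationImpersonation assignment, not only the new one.
#    An assignment without a custom recipient write scope is not limited
#    to the mailboxes in $ableGroup.
foreach ($a in Get-ManagementRoleAssignment -Role ApplicationImpersonation) {
    if ($a.CustomRecipientWriteScope) {
        '{0}: {1} is limited to scope {2}' -f $a.Name, $a.RoleAssigneeName, $a.CustomRecipientWriteScope
    } else {
        Write-Warning ('{0}: {1} has no custom scope (RecipientWriteScope = {2})' -f $a.Name, $a.RoleAssigneeName, $a.RecipientWriteScope)
    }
}

# 3. The individual accounts that hold the role through group membership.
Get-ManagementRoleAssignment -Role ApplicationImpersonation -GetEffectiveUsers |
    Sort-Object EffectiveUserName |
    Format-Table EffectiveUserName, Name, CustomRecipientWriteScope -AutoSize

# 4. The mailboxes that can currently be impersonated.
(Get-Group -Identity $ableGroup).Members
```

Re-run it whenever membership of either group changes, since both lists are controlled purely by AD group membership.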

References

http://msdn.microsoft.com/en-us/library/exchange/bb204095(v=exchg.140).aspx

Set-ManagementRoleAssignment
http://technet.microsoft.com/en-us/library/dd335173(v=exchg.141).aspx
New-ManagementRoleAssignment
http://technet.microsoft.com/en-us/library/dd335193(v=exchg.141).aspx
New-ManagementScope
http://technet.microsoft.com/en-us/library/dd335137(v=exchg.141).aspx
Set-ManagementScope
http://technet.microsoft.com/en-us/library/dd297996.aspx

Exchange 2010 and Exchange 2003: there is currently no route to the mailbox database

As an administrator, if during your Exchange 2010 install you migrated a single test mailbox from the old Exchange 2003 server to the nice shiny new Exchange 2010 mail server on that new MS Server 2008 64-bit box you have up and running, and then found you couldn't send or receive mail internally, or receive mail from an external source either, you're not alone.

Reviewing the "Queue Viewer" on your Exchange 2010 box, you see there are mails in the queue trying to send with the following error

there is currently no route to the mailbox database

And you also see mails in the inbound queue on your exchange 2003 box.

Fear not, for there is a simple fix. You must create a Routing Group Connector between Exchange 2003 and Exchange 2010.

According to Microsoft, Exchange 2003 and Exchange 2010 can coexist on your domain, but when you install the new Exchange 2010 server they don't quite let you know that the routing may not be properly configured; my guess is that this is because there are too many permutations of network configuration you might have. So if you're like me and have a single Exchange 2003 server that you want to talk to your Exchange 2010 server, the solution is pretty simple.

Make sure you log in to the Exchange 2010 box with an account that has "GOD" privileges on your domain
1. Click Start
2. In the search box type "Shell"
3. Right click and run "Exchange Management Shell"
4. Copy and paste the following line into Notepad

New-RoutingGroupConnector -Name "Interop RGC" -SourceTransportServers "exchange2010FQDN" -TargetTransportServers "Exchange2003FQDN" -Cost 10 -Bidirectional $true -PublicFolderReferralsEnabled $true

Adjust the names accordingly and be sure the quotes are real quotes and not some funky character that looks like quotes, as sometimes happens when copying from the internet.
5. Paste the line into the Exchange Management Shell (EMS) and you should see something not too different from this.

response from adding route, and verifying route exists

6. Now you can verify the creation by running “Get-RoutingGroupConnector”
7. On your exchange 2003 box restart “Simple Mail Transport Protocol” Service
8. On your Exchange 2010 box restart “Mail Exchange Transport” Service

Hope this helped you all

References I used
Message Rerouting and the Unreachable Queue
http://technet.microsoft.com/en-us/library/bb232161.aspx

Routing group connector between an Exchange 2010 organization and Exchange 2003 organization doesn’t exist
A routing group connector between the Exchange 2010 routing group and Exchange 2003 routing groups hasn’t been configured, or the last routing group connector between the Exchange 2010 routing group and Exchange 2003 routing groups has been removed. No routing group connector exists to provide a routing path to the Exchange 2003 recipients. To resolve this problem, first verify that the routing group connector is missing. If that’s the case, you can create a routing group connector. For more information, see Create Additional Routing Group Connectors from Exchange 2010 to Exchange 2003. If a routing group connector does exist, the message is in the Unreachable queue for some other reason. Check the configuration of the routing group connector

Create Additional Routing Group Connectors from Exchange 2010 to Exchange 2003
http://technet.microsoft.com/en-us/library/aa997292.aspx

New-RoutingGroupConnector -Name "Interop RGC" -SourceTransportServers "Ex2010Hub1.contoso.com" -TargetTransportServers "Ex2003BH1.contoso.com" -Cost 10 -Bidirectional $true -PublicFolderReferralsEnabled $true

Upgrade from Exchange 2003 Transport
http://technet.microsoft.com/en-us/library/dd638103.aspx
Exchange Management Shell in Exchange 2010
http://technet.microsoft.com/en-us/library/dd795097.aspx