Install ADFS on Azure VM step by step

How to use ImpersonatedUserID with EWS Managed API via Windows Powershell ?

Working with EWS Managed API via Windows Powershell
This is part 2 of the Series from the previous Documents where I demonstrated how to setup Powershell Client for EWS Managed API for a Office365 Mailbox and save and send an email from the mailbox.
If you would like to go through the first part of the series please go to below link.
In this part we will take the next step from the part 1 where we Setup EWS Client for a Mailbox and successfully created email Message in Draft Folder and Send the same. As our Client is Setup for a Single Mailbox so we can work with Single Mailbox fine, but now Let’s look how we are going to work with Multiple Mailbox.
To work with multiple user mailboxes we need to use ImpersonatedUserID attribute.
If you Recall the $service Array we created in Part1 post, you can see ImpersonatedUserID attribute is Empty.
So Lets get into more details of the ImpersonatedUserID attribute and see how to use it, ImpersonatedUserID attribute tell EWS API to work in the Impersonated Mailbox and use the saved Credentials in the Client.
We have learned to save credentials in my First Post, if you wants to check the Credentials you have used recall the below CMD.
($service.Credentials).Credentials | fl
So this is the admin userid which should have Application Impersonation RBAC right to work on other user mailbox using EWS. So Lets Look how do we setup RBAC Role Grop for Application impersonation.
The ApplicationImpersonation management role enables applications to impersonate users in an organization to perform tasks on behalf of the user, So to Create Rbac Role you should have Orgnaziation Administrator rights on Office 365 or in Exchange Orgnaziation, if you do not have rights then request your exchange admin to setup the role for you.
ApplicationImpersonation Role is inbuilt role most of the orgnazation may already have setup this role Goup for application access, to check the same and member of the group run the below CMD
Get-RoleGroup | ft Identity
You can check membership using below CMD
Get-RoleGroupMember -Identity Impersonate | ft Identity
To add a member to role group use the below CMD.
Add-RoleGroupMember -Identity Impersonate -Member
If the Role Group not found then you can set the up the same using the below CMD.
New-ManagementRoleAssignment –Name:Appimpersonation –Role:ApplicationImpersonation –
alright so once we have rights setup so lets see how do we add the ImpersonatedUserID in Client.
To write into ImpersonatedUserID attribute in EWS API Client, we need to create a New Object in PowerShell for ImpersonatedUserID EWS Class using below NameSpace
Below are the Setup of Cmds and Arrays to be used to write into ImpersonatedUserID
$impdUser = “”
$ArgumentList = ([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SMTPAddress),$impdUser
$ImpUserId = New-Object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId -ArgumentList $ArgumentList
$service.ImpersonatedUserId = $ImpUserId

Once you have Run the above commands on powershell lets Recall the $Service Array and Analyse the ImpersonatedUserID Attribute again.

Alright so we see some Value Added to ImpersonatedUserID attribute now let’s go deep into the attribute and check the details.
Run the below CMD to go inside the ImpersonatedUserID Attribute
$service.ImpersonatedUserID  | fl

So now we have set up our Powershell EWS client to go into the Impersonated User mailbox.
So Lets test the Same if its working.
Before we go ahead and test make sure you are using the same admin id in Client which has Application Impersonation Right.
To duble check the same run below CMD.
($service.Credentials).Credentials | fl
If you do not see the Correct userid change the user and password saved in Client, you can use the below set of cmds to change the Credentails in the Client.
$user = ""
$pass = "Admin2Password"
$service.Credentials = New-Object Microsoft.Exchange.WebServices.Data.WebCredentials -ArgumentList $user, $pass

Alright so now we are all set to go inside the mailbox and do something, in my part 1 post I described how to send an email from the mailbox,
in this post lets me teach you guys someting else, so lets create some Task inside the Imprersonated mailbox.
To Create the task we will use Microsoft.Exchange.WebServices.Data.task Class you can check the other Classes available at below MSDN Link.

So Lets Create a New Object for Microsoft.Exchange.WebServices.Data.task Class in Powershell.

$task = New-Object Microsoft.Exchange.WebServices.Data.task -ArgumentList $service
$task.subject = " This is test task"
$task.body = "This Test task was created By EWS Service"
$date = get-date
$duedate = $date.adddays(2)
$task.duedate = $duedate

If the $ run without any error you can created a Task in Impersonated Mailbox Successfully if you see any error make sure you are using correct user id and password with Application Impersonation permission in Crendetail.
This is end of the 2nd part Series, I hope you like My Post, don’t forget to subscribe to see the next post in the Serise.
Don’t Forget and leave your comment and feedback.

You can find the updated Script on My One Drive here.

Below is the Summrise Code of what we disscussed in this topic.


#script Name = Task_ImpersonatedUSer.ps1

#Author = Sunil Chauhan


#Ver = 1.0



#Web Service Path

$EWSServicePath = "C:\Program Files\Microsoft\Exchange\Web Services\2.0\Microsoft.Exchange.WebServices.dll"


#Importing WebService DLL

Import-Module $EWSServicePath


#Creating Service Object

$Service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService

#$ExchVer = [Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2010_SP1

#$Service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService($exchver)


#Setting up Admin Credentials with Impersonated Role Group rights

$user = ""

$pass = "Password"

$service.Credentials = New-Object Microsoft.Exchange.WebServices.Data.WebCredentials -ArgumentList $user, $pass


#Setting up EWS URL for Office 365 - You can chage the path to your On premise Exchange CAS server

# if you want to run this script for on prem user.


$EWSurl = ""

$Service.URL = $EWSurl


#Setting up ImperSonated User

$impdUser =

$ArgumentList = ([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SMTPAddress),$impdUser

$ImpUserId = New-Object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId -ArgumentList $ArgumentList

$service.ImpersonatedUserId = $ImpUserId


# Creating Task EWS Class and adding a Test Task

$task = New-Object Microsoft.Exchange.WebServices.Data.task -ArgumentList $service

$task.subject = " This is test task"

$task.body = "This Test task was created By EWS Service"

$date = get-date

$duedate = $date.adddays(2)

$task.duedate = $duedate

"Adding Task to Mailbox  $impdUser"




Post a Comment