How to use Exchange Impersonation via outlook redemption - outlook-redemption

On Exchange 2010, LogonExchangeMailbox() is able to access multiple mailboxes using the current Windows credential.
session.LogonExchangeMailbox(userOne, mailServer)
session.LogonExchangeMailbox(userTwo, mailServer)
On Exchange 2013, what's the proper way? It's a VBScript, and I don't want the user password hardcoded in the file. I tried something like this but can't make it work:
session.Logon()
session.UseEWSImpersonation=1
credential=session.credentials
session.LogonHostedExchangeMailbox(userOne#mail.com, credential)
session.LogonHostedExchangeMailbox(userTne#mail.com, credential)
I also tried AddDelegateExchangeMailBoxStore(user), but if I accidentally added twice, one will not be able to delete.
Outlook Redemption is the latest version, with Outlook 2013 on Win 7.

LogonExchangeMailbox uses the credentials of the current domain user to connect. If you want to open a mailbox of another user, log on to the current user's mailbox using LogonExchangeMailbox, then open another user's mailbox using RDOSession.GetSharedMailbox.

Related

Microsoft Graph - get Outlook Calender events - 403 Forbidden

I tried to receive all events for a Microsoft 365 user. It's a business license and I added an app with all User/Mail/Calendar permissions (also consent granted) to API permissions.
When running this command, or something similar as in the documentation, I got a 403:
Client error: `GET https://graph.microsoft.com/v1.0/users/xxxxxxxxxxxxxxxxxxxx/events` resulted in a `403 Forbidden` response:
{"error":{"code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again."}}
What did I do wrong? I also tried the Graph Explorer (with logged in user).
Are the permissions you are assigning delegated or application permissions?
If you are using application permissions for your App Registration then you need to give access on the user's calendar to the app (probably by using a new service principal on Exchange Online).
If you are using delegated permissions then you should check the access token you are getting for validation in jwt.ms.
Bear in mind that Graph Explorer with a logged-in user needs different permissions than your App Registration (it's a different app registration altogether).
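The token check suggested in the answer above can also be done locally. This is an added example, not code from the thread: it decodes an access token's payload without verifying the signature and reports whether it carries delegated permissions (`scp` claim) or application permissions (`roles` claim). The helper names and the sample tokens are constructed for illustration.

```python
import base64
import json

# Audience values Microsoft Graph access tokens carry (URL form or app id form).
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}


def decode_claims(token):
    """Return the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def classify(token, acceptable):
    """Report the permission type and whether any acceptable permission is present."""
    claims = decode_claims(token)
    scopes = claims.get("scp", "").split()  # delegated: space-separated string
    roles = list(claims.get("roles", []))   # application: JSON array
    kind = "delegated" if scopes else "application" if roles else "none"
    granted = scopes or roles
    return {
        "kind": kind,
        "for_graph": str(claims.get("aud", "")).rstrip("/") in GRAPH_AUDIENCES,
        "granted": granted,
        "has_needed": any(p in acceptable for p in granted),
    }


def make_sample(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


# Constructed sample tokens (not real credentials).
DELEGATED = make_sample({"aud": "https://graph.microsoft.com", "scp": "User.Read Mail.Read"})
APP_ONLY = make_sample({"aud": "https://graph.microsoft.com", "roles": ["Calendars.Read"]})
NEEDED = {"Calendars.Read", "Calendars.ReadWrite"}

if __name__ == "__main__":
    for name, tok in (("delegated", DELEGATED), ("app-only", APP_ONLY)):
        print(name, classify(tok, NEEDED))
```

A token with the right permission names but the wrong type for the call (for example `scp` only when the app runs without a signed-in user) still produces a 403, so check `kind` as well as `has_needed`.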
Seems like I had the same issue https://learn.microsoft.com/en-us/answers/questions/1165285/microsoft-graph-get-outlook-calendar-events-403?page=1&orderby=Helpful&comment=answer-1168253#newest-answer-comment
The fix was to remove all the other permissions and just give it

Resetting a User's Password with Microsoft Graph

I also would like to reset a user password using Microsoft Graph from a Windows service using admin permissions. Using a PATCH request to the user's profile seemed promising but the required Directory.AccessAsUser.All permission is not on the list at apps.dev.microsoft.com so I get an "Insufficient privileges to complete the operation." error.
I had promised to replace PowerShell cmdlets with Microsoft Graph in our application and this small but essential feature now becomes a blocker.
Is there a plan to add this permission to the list?
Is there any way I can assign this permission? Perhaps by editing the manifest? If so, does anyone know the correct info?
"resourceAppId": "????",
"resourceAccess": [
    {
        "id": "????",
        "type": "Scope"
    },
What's with the office portal Azure Directory Admin, app registration (preview)? I can see the app I registered at apps.dev.microsoft.com. Is it now an alternative to apps.dev? I like the interface better and the built-in admin consent button.
There is no application permission (yet) that allows you to reset a user's password using Microsoft Graph.
Is there a plan to add this permission to the list?
Yes, but that's about all there is to share, at the moment.
Is there any way I can assign this permission?
The only way to achieve this today (2019-01-17) is to assign the "Company Administrator" role to the ServicePrincipal object for your app — a very risky move (which is not recommended), as it will give your app full admin permissions.
What's with the office portal Azure Directory Admin, app registration (preview)? [...] Is it now an alternative to apps.dev?
Yes, though it's still in preview and it's possible some things might not work (as with all things in preview).

Bug in MS Graph? Access Denied via Microsoft Graph: /users/{userID}/mailfolders/inbox/messagerules despite permissions, consent and delegation.

I'm wondering if we just found a bug in the MS Graph API. I'm trying to access a different user's inbox mail rules via MS Graph. Here's what I did:
1.) Registered an application on the V1 Azure AD Endpoint, with ALL delegated permissions (including MailBoxSettings.Read and MailBoxSettings.ReadWrite)
2.) Granted access to the application using a global admin account
3.) Got a Graph Bearer Token for the tenant & proper permissions:
4.) Delegated mailbox access (full access) to my Global Admin account in Exchange Online settings:
5.) Verified that I have access to the user's inbox via Graph:
6.) Attempting to list messagerules for this user fails:
Note that retrieving the current (global admin) user's mail rules works without an issue:
GET https://graph.microsoft.com/v1.0/me/mailfolders/inbox/messageRules
This tells me that there is probably a bug in MS Graph - or am I maybe missing something?
Thanks in advance
Ben
I have tried this, and I get the same error. As I understand it, we cannot get another user's email rules. If you want to use this case, we can submit this issue on GitHub Issues.
To read other users' email inbox you need the Application type permission set rather than Delegated access.
Follow this link
https://learn.microsoft.com/en-us/graph/auth-v2-service

Azure Logic App Office 365 mail connector new mail trigger does not work with alternate credentials

I've tried to do a simple Azure Logic App. I'm using the Office 365 connector and an email trigger of "When_a_new_email_arrives" (https://azure.microsoft.com/en-us/documentation/articles/connectors-create-api-office365-outlook/#when-a-new-email-arrives). It seems to work if I send an email to the target account, push the trigger. At least when matched between Azure login & Office 365 mailbox (i.e. both use the same id xxx@company.com).
However, if the mailbox belongs to another user, say yyy@company.com, it doesn't seem to work even though it is "authorized". The trigger always comes back as 'skipped'. I think I'm getting to the correct mailbox because if I say a different source folder that does not exist in the target mailbox I do get an error.
Any ideas on how to troubleshoot?
You can only work with one account with the Office 365 Connector API.
The only account you can use is the one you logged in with.
I walked away from this and tried it again and it worked straight away. So, I believe this was a bug, as it now works with only me doing an "authorize" again (something I had previously done).
The answer that it can't be done is incorrect.

SharePoint UserProfileService Web Services Permissions

I'm using a Ruby gem called Savon to interact with SharePoint 2010's UserProfileService Web Service. I'm getting an error: Attempted to perform an unauthorized operation. I used
client.wsse.credentials "username", "password"
to pass my credentials. Anyone know what permissions are needed to use the UserProfileService web service?
In SP 2007, the username/password you use will need to have the "Manage User Profiles" permission set in the Shared Service Provider (SSP). In SP 2010, I am not sure what the equivalent is since there is no longer an SSP, but a User Profile Service. I am sure there is something similar.
In Manage service applications in Central Admin, click on the User Profile Service, then click Permissions in the ribbon and add the user with Full Control permissions.
