365 EWS Impersonation

Ask questions about creating Graphical User Interfaces (GUI) in PowerShell and using WinForms controls.
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 5 years and 8 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked
User avatar
Shelltastic
Posts: 65
Last visit: Mon Feb 19, 2024 11:31 am

365 EWS Impersonation

Post by Shelltastic »

When trying to create code for EWS Impersonation, I am running into an issue with the -RecipientRestrictionFilter parameter.

Using the following code in my program;

$ScopeName = $textbox5.Text
$GroupDN = $textbox6.Text
New-ManagementScope -Name:$ScopeName -RecipientRestrictionFilter:{memberofgroup -eq $GroupDN}

This code executes successfully, however when I go check the management scope in 365 the RecipientFilter is not set, which is the $GroupDN variable above.

When I run the code manually from a shell, it works as expected. The following code is what I use for the manual method;

New-ManagementScope -Name "NameOfScope" -RecipientRestrictionFilter:{memberofgroup -eq "CN=TestGroup,OU=TestOU1,OU=US,OU=GIT,DC=domain,DC=com"}

It appears there is something about the $GroupDN variable it does not like. Any help is greatly appreciated.
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: 365 EWS Impersonation

Post by jvierra »

New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter "memberofgroup -eq $GroupDN"

Forget the colons and use quotes not {}. Only quotes will cause variable substitution.
User avatar
Shelltastic
Posts: 65
Last visit: Mon Feb 19, 2024 11:31 am

Re: 365 EWS Impersonation

Post by Shelltastic »

Thanks for the response jvierra.

The syntax requires those characters, the command cannot be run without them. I did try your suggestion just so I could show you the error, I have attached a screenshot of the error for your reference.
Attachments
Capture.JPG
Capture.JPG (45.17 KiB) Viewed 3011 times
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: 365 EWS Impersonation

Post by jvierra »

Then it requires the following:

New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter "memberofgroup -eq '$GroupDN'"
or
New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter {memberofgroup -eq '$GroupDN'}

MS implementation of filter clauses can be screwy at times.
User avatar
Shelltastic
Posts: 65
Last visit: Mon Feb 19, 2024 11:31 am

Re: 365 EWS Impersonation

Post by Shelltastic »

Yea, they definitely are tricky at times. So the top option you mentioned above won't work because we need the brackets, however I tried the 2nd option, which yields something slightly different. It looks like it tried to read it, but only took part of it. I have attached a screen shot of the output.

The "RecipientRestrictionFilter" attribute should be set to the DN of the group as I posted in my above comments, looks like it only took a part of it for some reason. It's now setting it to 'DC=$groupdn'.
Attachments
Capture.JPG
Capture.JPG (18.78 KiB) Viewed 2995 times
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: 365 EWS Impersonation

Post by jvierra »

Your quotes cannot be like that. Think about it. You must use double quotes to expand the variable.
Read the following very carefully. https://blogs.technet.microsoft.com/eva ... entfilter/
User avatar
Shelltastic
Posts: 65
Last visit: Mon Feb 19, 2024 11:31 am

Re: 365 EWS Impersonation

Post by Shelltastic »

I was using your suggestion from your previous post, think about how I am asking for help. So if you recommend something within reason, I am going to try it. Go back and look at your previous post where you literally typed the following line yourself;

New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter {memberofgroup -eq '$GroupDN'}

See how you used single quotes? That is why I tried it that way. I know the usage of double quotes, I was just being open to someone else's suggestion.

FYI, even when using double quotes it still yields the same result as I posted in my screen shot above. It only takes 'DC=$groupdn'.
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: 365 EWS Impersonation

Post by jvierra »

The following is the required format:
New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter "memberofgroup -eq '$GroupDN'"

Notice double quotes and NOT {}. Single quotes on the inside. Please read the link I posted above.
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: 365 EWS Impersonation

Post by jvierra »

I just ran your code with my modifications. It works as intended.

PS D:\scripts> $x='jsmith'
PS D:\scripts> New-ManagementScope -Name TestScope -RecipientRestrictionFilter "memberofgroup -eq '$x'"

Name ScopeRestrictionType Exclusive RecipientRoot RecipientFilter ServerFilter
---- -------------------- --------- ------------- --------------- ------------
TestScope RecipientScope False MemberOfGroup -eq 'DC=jsmith'
User avatar
Shelltastic
Posts: 65
Last visit: Mon Feb 19, 2024 11:31 am

Re: 365 EWS Impersonation

Post by Shelltastic »

If that is the output, then it is not working correctly. Sure the command is executing successfully, but that is not a correct recipient filter. I am not sure your experience with EWS Impersonation, but the output of the "RecipientFilter" command should not just be "DC=$groupdn", it should reflect the group distinguished name, as I have entered it above, something like this;

CN=Object1,OU=EmailList,OU=US,OU=GIT,DC=domain,DC=com

Not just DC=$groupdn. It is only taking that part of the code for some reason.

If I were to run the command manually, from a powershell console, then go back and run the Get-ManagementScope command, it would reflect the entire group DN, or else the membership will not work.

I have attached a screen shot of a working setup for your reference. That is what it needs to look like for a working scenario. Notice how the RecipientFilter attribute is reflecting correctly.
Attachments
Capture.JPG
Capture.JPG (27.1 KiB) Viewed 2961 times
This topic is 5 years and 8 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked