When trying to create code for EWS Impersonation, I am running into an issue with the -RecipientRestrictionFilter parameter.
Using the following code in my program;
$ScopeName = $textbox5.Text
$GroupDN = $textbox6.Text
New-ManagementScope -Name:$ScopeName -RecipientRestrictionFilter:{memberofgroup -eq $GroupDN}
This code executes successfully, however when I go check the management scope in 365 the RecipientFilter is not set, which is the $GroupDN variable above.
When I run the code manually from a shell, it works as expected. The following code is what I use for the manual method;
New-ManagementScope -Name "NameOfScope" -RecipientRestrictionFilter:{memberofgroup -eq "CN=TestGroup,OU=TestOU1,OU=US,OU=GIT,DC=domain,DC=com"}
It appears there is something about the $GroupDN variable it does not like. Any help is greatly appreciated.
365 EWS Impersonation
Forum rules
Do not post any licensing information in this forum.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Do not post any licensing information in this forum.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Re: 365 EWS Impersonation
New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter "memberofgroup -eq $GroupDN"
Forget the colons and use quotes not {}. Only quotes will cause variable substitution.
Forget the colons and use quotes not {}. Only quotes will cause variable substitution.
- Shelltastic
- Posts: 65
- Last visit: Mon Feb 19, 2024 11:31 am
Re: 365 EWS Impersonation
Thanks for the response jvierra.
The syntax requires those characters, the command cannot be run without them. I did try your suggestion just so I could show you the error, I have attached a screenshot of the error for your reference.
The syntax requires those characters, the command cannot be run without them. I did try your suggestion just so I could show you the error, I have attached a screenshot of the error for your reference.
- Attachments
-
- Capture.JPG (45.17 KiB) Viewed 3022 times
Re: 365 EWS Impersonation
Then it requires the following:
New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter "memberofgroup -eq '$GroupDN'"
or
New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter {memberofgroup -eq '$GroupDN'}
MS implementation of filter clauses can be screwy at times.
New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter "memberofgroup -eq '$GroupDN'"
or
New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter {memberofgroup -eq '$GroupDN'}
MS implementation of filter clauses can be screwy at times.
- Shelltastic
- Posts: 65
- Last visit: Mon Feb 19, 2024 11:31 am
Re: 365 EWS Impersonation
Yea, they definitely are tricky at times. So the top option you mentioned above won't work because we need the brackets, however I tried the 2nd option, which yields something slightly different. It looks like it tried to read it, but only took part of it. I have attached a screen shot of the output.
The "RecipientRestrictionFilter" attribute should be set to the DN of the group as I posted in my above comments, looks like it only took a part of it for some reason. It's now setting it to 'DC=$groupdn'.
The "RecipientRestrictionFilter" attribute should be set to the DN of the group as I posted in my above comments, looks like it only took a part of it for some reason. It's now setting it to 'DC=$groupdn'.
- Attachments
-
- Capture.JPG (18.78 KiB) Viewed 3006 times
Re: 365 EWS Impersonation
Your quotes cannot be like that. Think about it. You must use double quotes to expand the variable.
Read the following very carefully. https://blogs.technet.microsoft.com/eva ... entfilter/
Read the following very carefully. https://blogs.technet.microsoft.com/eva ... entfilter/
- Shelltastic
- Posts: 65
- Last visit: Mon Feb 19, 2024 11:31 am
Re: 365 EWS Impersonation
I was using your suggestion from your previous post, think about how I am asking for help. So if you recommend something within reason, I am going to try it. Go back and look at your previous post where you literally typed the following line yourself;
New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter {memberofgroup -eq '$GroupDN'}
See how you used single quotes? That is why I tried it that way. I know the usage of double quotes, I was just being open to someone else's suggestion.
FYI, even when using double quotes it still yields the same result as I posted in my screen shot above. It only takes 'DC=$groupdn'.
New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter {memberofgroup -eq '$GroupDN'}
See how you used single quotes? That is why I tried it that way. I know the usage of double quotes, I was just being open to someone else's suggestion.
FYI, even when using double quotes it still yields the same result as I posted in my screen shot above. It only takes 'DC=$groupdn'.
Re: 365 EWS Impersonation
The following is the required format:
New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter "memberofgroup -eq '$GroupDN'"
Notice double quotes and NOT {}. Single quotes on the inside. Please read the link I posted above.
New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter "memberofgroup -eq '$GroupDN'"
Notice double quotes and NOT {}. Single quotes on the inside. Please read the link I posted above.
Re: 365 EWS Impersonation
I just ran your code with my modifications. It works as intended.
PS D:\scripts> $x='jsmith'
PS D:\scripts> New-ManagementScope -Name TestScope -RecipientRestrictionFilter "memberofgroup -eq '$x'"
Name ScopeRestrictionType Exclusive RecipientRoot RecipientFilter ServerFilter
---- -------------------- --------- ------------- --------------- ------------
TestScope RecipientScope False MemberOfGroup -eq 'DC=jsmith'
PS D:\scripts> $x='jsmith'
PS D:\scripts> New-ManagementScope -Name TestScope -RecipientRestrictionFilter "memberofgroup -eq '$x'"
Name ScopeRestrictionType Exclusive RecipientRoot RecipientFilter ServerFilter
---- -------------------- --------- ------------- --------------- ------------
TestScope RecipientScope False MemberOfGroup -eq 'DC=jsmith'
- Shelltastic
- Posts: 65
- Last visit: Mon Feb 19, 2024 11:31 am
Re: 365 EWS Impersonation
If that is the output, then it is not working correctly. Sure the command is executing successfully, but that is not a correct recipient filter. I am not sure your experience with EWS Impersonation, but the output of the "RecipientFilter" command should not just be "DC=$groupdn", it should reflect the group distinguished name, as I have entered it above, something like this;
CN=Object1,OU=EmailList,OU=US,OU=GIT,DC=domain,DC=com
Not just DC=$groupdn. It is only taking that part of the code for some reason.
If I were to run the command manually, from a powershell console, then go back and run the Get-ManagementScope command, it would reflect the entire group DN, or else the membership will not work.
I have attached a screen shot of a working setup for your reference. That is what it needs to look like for a working scenario. Notice how the RecipientFilter attribute is reflecting correctly.
CN=Object1,OU=EmailList,OU=US,OU=GIT,DC=domain,DC=com
Not just DC=$groupdn. It is only taking that part of the code for some reason.
If I were to run the command manually, from a powershell console, then go back and run the Get-ManagementScope command, it would reflect the entire group DN, or else the membership will not work.
I have attached a screen shot of a working setup for your reference. That is what it needs to look like for a working scenario. Notice how the RecipientFilter attribute is reflecting correctly.
- Attachments
-
- Capture.JPG (27.1 KiB) Viewed 2972 times