365 EWS Impersonation

Ask questions about creating Graphical User Interfaces (GUI) in PowerShell and using WinForms controls.
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
User avatar
PS_Ross
Posts: 28
Joined: Thu Mar 01, 2018 7:46 am

365 EWS Impersonation

Post by PS_Ross » Fri Jul 13, 2018 6:09 am

When trying to create code for EWS Impersonation, I am running into an issue with the -RecipientRestrictionFilter parameter.

Using the following code in my program;

$ScopeName = $textbox5.Text
$GroupDN = $textbox6.Text
New-ManagementScope -Name:$ScopeName -RecipientRestrictionFilter:{memberofgroup -eq $GroupDN}

This code executes successfully, however when I go check the management scope in 365 the RecipientFilter is not set, which is the $GroupDN variable above.

When I run the code manually from a shell, it works as expected. The following code is what I use for the manual method;

New-ManagementScope -Name "NameOfScope" -RecipientRestrictionFilter:{memberofgroup -eq "CN=TestGroup,OU=TestOU1,OU=US,OU=GIT,DC=domain,DC=com"}

It appears there is something about the $GroupDN variable it does not like. Any help is greatly appreciated.

User avatar
jvierra
Posts: 12899
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: 365 EWS Impersonation

Post by jvierra » Fri Jul 13, 2018 6:22 am

New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter "memberofgroup -eq $GroupDN"

Forget the colons and use quotes not {}. Only quotes will cause variable substitution.

User avatar
PS_Ross
Posts: 28
Joined: Thu Mar 01, 2018 7:46 am

Re: 365 EWS Impersonation

Post by PS_Ross » Fri Jul 13, 2018 6:38 am

Thanks for the response jvierra.

The syntax requires those characters, the command cannot be run without them. I did try your suggestion just so I could show you the error, I have attached a screenshot of the error for your reference.
Attachments
Capture.JPG
Capture.JPG (45.17 KiB) Viewed 403 times

User avatar
jvierra
Posts: 12899
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: 365 EWS Impersonation

Post by jvierra » Fri Jul 13, 2018 6:45 am

Then it requires the following:

New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter "memberofgroup -eq '$GroupDN'"
or
New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter {memberofgroup -eq '$GroupDN'}

MS implementation of filter clauses can be screwy at times.

User avatar
PS_Ross
Posts: 28
Joined: Thu Mar 01, 2018 7:46 am

Re: 365 EWS Impersonation

Post by PS_Ross » Fri Jul 13, 2018 7:15 am

Yea, they definitely are tricky at times. So the top option you mentioned above won't work because we need the brackets, however I tried the 2nd option, which yields something slightly different. It looks like it tried to read it, but only took part of it. I have attached a screen shot of the output.

The "RecipientRestrictionFilter" attribute should be set to the DN of the group as I posted in my above comments, looks like it only took a part of it for some reason. It's now setting it to 'DC=$groupdn'.
Attachments
Capture.JPG
Capture.JPG (18.78 KiB) Viewed 387 times

User avatar
jvierra
Posts: 12899
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: 365 EWS Impersonation

Post by jvierra » Fri Jul 13, 2018 9:50 am

Your quotes cannot be like that. Think about it. You must use double quotes to expand the variable.
Read the following very carefully. https://blogs.technet.microsoft.com/eva ... entfilter/

User avatar
PS_Ross
Posts: 28
Joined: Thu Mar 01, 2018 7:46 am

Re: 365 EWS Impersonation

Post by PS_Ross » Fri Jul 13, 2018 10:57 am

I was using your suggestion from your previous post, think about how I am asking for help. So if you recommend something within reason, I am going to try it. Go back and look at your previous post where you literally typed the following line yourself;

New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter {memberofgroup -eq '$GroupDN'}

See how you used single quotes? That is why I tried it that way. I know the usage of double quotes, I was just being open to someone else's suggestion.

FYI, even when using double quotes it still yields the same result as I posted in my screen shot above. It only takes 'DC=$groupdn'.

User avatar
jvierra
Posts: 12899
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: 365 EWS Impersonation

Post by jvierra » Fri Jul 13, 2018 11:56 am

The following is the required format:
New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter "memberofgroup -eq '$GroupDN'"

Notice double quotes and NOT {}. Single quotes on the inside. Please read the link I posted above.

User avatar
jvierra
Posts: 12899
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: 365 EWS Impersonation

Post by jvierra » Fri Jul 13, 2018 12:22 pm

I just ran your code with my modifications. It works as intended.

PS D:\scripts> $x='jsmith'
PS D:\scripts> New-ManagementScope -Name TestScope -RecipientRestrictionFilter "memberofgroup -eq '$x'"

Name ScopeRestrictionType Exclusive RecipientRoot RecipientFilter ServerFilter
---- -------------------- --------- ------------- --------------- ------------
TestScope RecipientScope False MemberOfGroup -eq 'DC=jsmith'

User avatar
PS_Ross
Posts: 28
Joined: Thu Mar 01, 2018 7:46 am

Re: 365 EWS Impersonation

Post by PS_Ross » Fri Jul 13, 2018 12:39 pm

If that is the output, then it is not working correctly. Sure the command is executing successfully, but that is not a correct recipient filter. I am not sure your experience with EWS Impersonation, but the output of the "RecipientFilter" command should not just be "DC=$groupdn", it should reflect the group distinguished name, as I have entered it above, something like this;

CN=Object1,OU=EmailList,OU=US,OU=GIT,DC=domain,DC=com

Not just DC=$groupdn. It is only taking that part of the code for some reason.

If I were to run the command manually, from a powershell console, then go back and run the Get-ManagementScope command, it would reflect the entire group DN, or else the membership will not work.

I have attached a screen shot of a working setup for your reference. That is what it needs to look like for a working scenario. Notice how the RecipientFilter attribute is reflecting correctly.
Attachments
Capture.JPG
Capture.JPG (27.1 KiB) Viewed 353 times

Locked