I'm trying to write a powershell script to enumerate through the emails in a user's exchange online mailbox and display basic identifying information (subject, receive date, etc) this is to allow me to check if copying of emails from one mailbox to another (using a third party migration tool) has been successful.
To do this I need to use User Impersonation.
Googling the subject I seem to be able to find plenty of instructions on how to setup your powershell application so it CAN use user impersonation, but I can't seem to find a guide on how to actually use it in powershell.
Given that I am connected to an ExchangeOnline server with an account that is allowed to do User Impersonation, what is the code to actually impersonate a user for a series of operations (e.g. Get-MailboxFolder) ?
I'm trying to write a powershell script to enumerate through the emails in a user's exchange online mailbox and display basic identifying information (subject, receive date, etc) this is to allow me to check if copying of emails from one mailbox to another (using a third party migration tool) has been successful.
To do this I need to use User Impersonation.
Googling the subject I seem to be able to find plenty of instructions on how to setup your powershell application so it CAN use user impersonation, but I can't seem to find a guide on how to actually use it in powershell.
Given that I am connected to an ExchangeOnline server with an account that is allowed to do User Impersonation, what is the code to actually impersonate a user for a series of operations (e.g. Get-MailboxFolder) ?
Share Improve this question asked Jan 20 at 19:09 Jon HodgsonJon Hodgson 1292 silver badges10 bronze badges1 Answer
Reset to default 0(e.g. Get-MailboxFolder) ?
Get-MailboxFolder is an Exo cmdlet so its not using EWS it use it own delegate administrative permissions, the exo cmdlets can't be used for enumerating email.EWS RBAC Application impersonation is also being retired https://techcommunity.microsoft.com/blog/exchange/retirement-of-rbac-application-impersonation-in-exchange-online/4062671 in EWS starting next month you need to use https://learn.microsoft.com/en-us/exchange/permissions-exo/application-rbac#application-roles
Using impersonation in EWS is pretty easy once you have authenticated but it really depends on the code your using as what you have to do eg in the EWS Managed API its just one property that need to be set on the ExchangeService object.
$service.ImpersonatedUserId = new-object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress, $MailboxName)
Full sample in https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth
EWS is being depreciated in Exchange Online if this is for a long term application then your better of trying to use the Graph API.