Microsoft Exchange 2010-2019 integration

The following configuration of Exchange 2010-2019 is needed to let GoBright communicate with the calendars in Exchange.

1. Prerequisites

  • The minimum required Exchange Server version:
    • Exchange Server 2010 version 14.3.468.0 (Rollup 29 SP3 - July 9, 2019)
    • Exchange Server 2013
    • Exchange Server 2016
    • Exchange Server 2019
  • Administrator access to the Exchange environment
  • Access to the Exchange Management Shell
  • EWS should be externally accessible; this is probably the case if the webmail (OWA) is accessible externally.
  • The Exchange server should be able to send push-notifications (web-hooks, simple HTTPS calls) to https://*.brightbooking.eu & https://*.gobright.com & https://*.gobright.cloud (port 443).

The configuration manual goes through the following steps:

  • Start the Exchange Management Shell
  • Create a service account in Exchange
  • Create the room calendars in Exchange
  • Allow the Service account access to the room mailboxes
  • Create a ‘Roomlist’ in Exchange
  • Configure the users default access to the room mailboxes
  • Configure the behavior of the room mailboxes
  • Find the EWS address

2. Start the Exchange Management Shell

Connecting to the Exchange Management Shell is the easiest way to execute the configuration commands.

Log in to your Exchange server and start the Exchange Management Shell via the start menu:

  • Start > Microsoft Exchange Server 2007/2010/2013/2016/2019 > Exchange Management Shell

3. Create a service account in Exchange

3.1 Service account creation:

GoBright needs a service account to get access to the calendars, to be able to synchronize the room calendars.

Execute the following commands via the Exchange Management Shell.

Now execute the following command to create the service account. Change the UserPrincipalName to your own name/domain, and replace YourPasswordHere with the password you want to use for the service account:

New-Mailbox -UserPrincipalName gobright@yourdomain.com -Alias 'GoBright' -Name GoBright -Password (ConvertTo-SecureString -String YourPasswordHere -AsPlainText -Force) -FirstName 'GoBright' -DisplayName 'GoBright' -ResetPasswordOnNextLogon $false

If needed you can set a specific ‘Exchange Database’ via the -Database parameter, and set the Organizational Unit via the -OrganizationalUnit parameter. The example command above presumes the default Exchange Database and Organizational Unit.

Now check whether the service account was created correctly by executing the following command, replacing the Identity parameter with the email address of the service account. The result should show the mailbox of the newly created service account. If no mailbox shows up, you probably should link a license to the mailbox in the Office Admin Center.

Get-Mailbox -Identity gobright@yourdomain.com

Please note: make sure you configure the service account in such a way that its credentials do not expire!

3.2 Impersonation:

Impersonation must be configured because of the throttling quota configuration of Exchange. There are two levels at which this can be configured; please read the two options below.

For more information on why impersonation is used, please refer to the following MSDN article.

3.2.1 Only room mailboxes - maximum restriction

For the room calendar integration to work, it is necessary to give ‘impersonation’ rights to the service account, as described above. The minimum level of access is to have impersonation access to the room mailboxes you want to integrate with. This way integration will be working correctly, and there will be no throttling limits from Exchange.

First create a management scope for the resource mailboxes by executing the following command:

New-ManagementScope -Name "GoBrightResourceMailboxes" -RecipientRestrictionFilter { RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "EquipmentMailbox" }

Secondly, execute the following command, which assigns the created management scope to the service account. Change the User parameter to the email address of the service account you’ve created:

New-ManagementRoleAssignment -Name "ResourceImpersonation" -Role ApplicationImpersonation -User gobright@yourdomain.com -CustomRecipientWriteScope "GoBrightResourceMailboxes"

Execute the following command to check if the permissions are given, change the RoleAssignee to the email address of the service account you’ve created. The result of the command should show at least 1 line with the service account.

Get-ManagementRoleAssignment -RoleAssignee gobright@yourdomain.com -Role ApplicationImpersonation -RoleAssigneeType user

3.2.2 Full integration - maximum integration

To enable full integration with the calendar of the user (for integrated users in GoBright), it is necessary to give ‘impersonation’ rights to the service account. 

This way, a new booking on an integrated room (made by creating an appointment in GoBright) is done by creating an appointment in the calendar of the user and inviting the room. The user can then easily change the booking later on, as the user is the organizer, and the booking of the room will change automatically.

Execute the following command, change the User parameter to the email address of the service account you’ve created:

New-ManagementRoleAssignment -Name:GoBrightImpersonation -Role:ApplicationImpersonation -User:gobright@yourdomain.com

Execute the following command to check if the permissions are given, change the RoleAssignee to the email address of the service account you’ve created. The result of the command should show at least 1 line with the service account.

Get-ManagementRoleAssignment -RoleAssignee gobright@yourdomain.com -Role ApplicationImpersonation -RoleAssigneeType user

3.3 Finishing the service account creation:

The service account is now created:

  • As an account with a mailbox
  • With a non-expiring password (please check this; it is a manual action, probably in Active Directory)
  • With impersonation rights

Please write down the following, as you will need them later in the GoBright portal:

  • The login credentials of the service account (email address and password)
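
The checks from sections 3.1 to 3.3 gathered into one script, as an added example that is not part of the original GoBright manual. It reports whether each ApplicationImpersonation assignment is limited to a management scope (3.2.1) or unscoped (3.2.2), and whether the password expires. It assumes the ActiveDirectory module is available in the shell; gobright@yourdomain.com is the page's placeholder address.

```powershell
# Added example: audit the service account created in section 3.
# Assumptions: run in the Exchange Management Shell, with the
# ActiveDirectory module (RSAT) installed for the password check.
$svc = 'gobright@yourdomain.com'   # placeholder address used on this page

# 1. The mailbox must exist; stop here if it does not.
Get-Mailbox -Identity $svc -ErrorAction Stop | Out-Null

# 2. Review every ApplicationImpersonation assignment and its write scope.
$assignments = Get-ManagementRoleAssignment -RoleAssignee $svc `
    -Role ApplicationImpersonation -RoleAssigneeType User

if (-not $assignments) {
    Write-Warning ("No ApplicationImpersonation assignment found for {0}" -f $svc)
}

foreach ($a in $assignments) {
    if ($a.CustomRecipientWriteScope) {
        # Scoped assignment (section 3.2.1): print the filter for review.
        $scope = Get-ManagementScope -Identity $a.CustomRecipientWriteScope
        "{0}: scoped to '{1}' ({2})" -f $a.Name, $scope.Name, $scope.RecipientFilter
    }
    else {
        # Unscoped assignment (section 3.2.2): covers every mailbox.
        Write-Warning ("{0}: no custom write scope, applies to {1}" -f `
            $a.Name, $a.RecipientWriteScope)
    }
}

# 3. Password expiry is an Active Directory setting, not an Exchange one.
Import-Module ActiveDirectory
$ad = Get-ADUser -Filter "UserPrincipalName -eq '$svc'" `
    -Properties PasswordNeverExpires
if (-not $ad) {
    Write-Warning ("No Active Directory user found for {0}" -f $svc)
}
elseif (-not $ad.PasswordNeverExpires) {
    Write-Warning ("{0}: password is set to expire" -f $svc)
}
```

A warning about an unscoped assignment is expected when the full integration of section 3.2.2 was chosen on purpose; with the room-only setup of 3.2.1 it indicates a broader grant than intended.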

4. Create the room calendars in Exchange

With the steps below you’re able to create rooms in your Exchange environment. This will publish the rooms in Exchange, and give each room a calendar.

If you already have room calendars in your Exchange environment, then proceed with the next step, but make sure you have the e-mail addresses of the rooms, because you will need them later on.

Execute the following commands via the Exchange Management Shell.

Execute the following command. Change the UserPrincipalName to the room email address you would like, and supply a correct Name and DisplayName for this room:

New-Mailbox -Room -UserPrincipalName room1@yourdomain.com -Name Room1 -DisplayName 'Room 1'

If needed you can set a specific ‘Exchange Database’ via the -Database parameter, and set the Organizational Unit via the -OrganizationalUnit parameter. The example command above presumes the default Exchange Database and Organizational Unit.

Execute this command for each room you would like to create.

5. Allow the Service account access to the room mailboxes

The service account needs FullAccess rights to the room mailbox, so it can use the room mailbox to manage the bookings.

Execute the following commands via the Exchange Management Shell.

Execute the following command. Change the Identity to the room email address and change User to the email address of the service account:

Get-User -Identity room1@yourdomain.com | Add-MailboxPermission -User gobright@yourdomain.com -AccessRights FullAccess

Execute this command for each room you would like to create.

Please note: generally speaking it will take 15 to 30 minutes for this to be processed, but this can add up to 48 hours. Exchange will not give you any indication of when this is processed. If you proceed while this is not yet active in Exchange, some functionality in GoBright will not work properly (e.g. changing/saving a room, extending/stopping a meeting, etc.)

6. Create a ‘Roomlist’ in Exchange

To get the room mailboxes easily published, you should create one or more ‘Distribution Groups’ of the type ‘Roomlist’.
You might want to create multiple ‘roomlists’, for example per building, per floor, etc.

It is possible to skip this step, but then you will need to create the rooms in GoBright manually, instead of synchronising them.

Execute the following commands via the Exchange Management Shell.

First create the Roomlist, change the Name if you want to give a different name to the roomlist:

New-DistributionGroup -Name 'BrightBooking Rooms' -RoomList

Now add each room mailbox with the following command, change the Identity to the name of the list, and change the Member to the email address of the room:

Add-DistributionGroupMember -Identity 'BrightBooking Rooms' -Member room1@yourdomain.com

Execute this command for each room mailbox, so each room mailbox is added to the list.

7. Configure the users default access to the room mailboxes

Now the access of the users to the room mailboxes should be configured.

Execute the following commands via the Exchange Management Shell.

With the following command you set the default access for each room mailbox to ‘read only, with limited details’. This is usually best, so users cannot make changes directly in the room mailbox. Change the value of Identity to the email address of the room.

Set-MailboxFolderPermission -Identity room1@yourdomain.com:\Calendar -User Default -AccessRights LimitedDetails

Note: the folder name ‘Calendar’ depends on the culture settings of the room mailbox, so ‘Calendar’ might also be a translated value like ‘Agenda’. The command will fail with an error message if you’re using the wrong folder name.

Execute the following command to get the folder name (e.g. when the command above fails):

Get-MailboxFolderStatistics -Identity room1@yourdomain.com | Where-Object {$_.FolderType -eq "Calendar"} | Select Name,FolderType,Identity

8. Configure the behavior of the room mailboxes

The default behaviour of a room mailbox changes the subject of the appointment, and removes the private flag if it’s set. Via the following command the room mailbox is configured to automatically process (accept/decline) meeting requests, and keeps the data of the meeting in place.

Execute the following command via the Exchange Management Shell.

Configure the behavior of the room mailbox, change the Identity parameter to the email address of the room:

Set-CalendarProcessing -Identity room1@yourdomain.com -AutomateProcessing AutoAccept -DeleteSubject $False -DeleteComments $False -AddOrganizerToSubject $False -RemovePrivateProperty $False -AllowConflicts $False

Execute this command for each room mailbox.

When needed, you can change this best-practice to get different behaviour. The following parameters are the most important:

  • AutomateProcessing: AutoAccept will make the room mailbox process meetings automatically (accept/decline). It’s also possible to do this manually, via the value ‘None’ (more info), but this also means you will have to process cancellations manually.
  • DeleteSubject: By keeping the original subject, we’re able to show the subject in the portal, app and displays. This is possible via the value $False. If you use the value $True, the subject will be deleted by the room mailbox.
  • DeleteComments: By keeping the comments, we’re able to show the subject in the portal and app. This is possible via the value $False. If you use the value $True, the comments will be deleted by the room mailbox.
  • AddOrganizerToSubject: The room mailbox is able to add the name of the organizer to the subject, but this can get confusing. By using the value $False this is disabled.
  • RemovePrivateProperty: The room mailbox removes the private property from the incoming meeting. By using the value $False, the meeting will keep its private flag.
  • AllowConflicts: By using the value $False, the room mailbox will not allow new meetings if another meeting has been planned in the same time frame.
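
Sections 5 to 8 applied to several rooms in one pass, as an added example that is not part of the original GoBright manual. It looks up the localized calendar folder name before setting the default permission, so the failure described in section 7 does not occur. The addresses and the room list name are the page's placeholders, and room2@yourdomain.com is a constructed sample.

```powershell
# Added example: run the per-room commands of sections 5 to 8 in a loop.
# Assumptions: Exchange Management Shell; the rooms and the room list exist.
$svc      = 'gobright@yourdomain.com'
$roomList = 'BrightBooking Rooms'
$rooms    = 'room1@yourdomain.com', 'room2@yourdomain.com'   # constructed sample

foreach ($room in $rooms) {
    # Section 5: FullAccess on the room mailbox for the service account.
    Add-MailboxPermission -Identity $room -User $svc -AccessRights FullAccess |
        Out-Null

    # Section 6: add the room to the room list unless it is already a member.
    $members = Get-DistributionGroupMember -Identity $roomList |
        ForEach-Object { [string]$_.PrimarySmtpAddress }
    if ($members -notcontains $room) {
        Add-DistributionGroupMember -Identity $roomList -Member $room
    }

    # Section 7: resolve the calendar folder name ('Calendar', 'Agenda', ...)
    # instead of assuming the English name.
    $cal = Get-MailboxFolderStatistics -Identity $room |
        Where-Object { $_.FolderType -eq 'Calendar' } |
        Select-Object -First 1
    if (-not $cal) {
        Write-Warning ("{0}: no calendar folder found, skipping" -f $room)
        continue
    }
    $folder = '{0}:\{1}' -f $room, $cal.Name
    Set-MailboxFolderPermission -Identity $folder -User Default `
        -AccessRights LimitedDetails

    # Section 8: automatic processing that keeps the meeting data in place.
    Set-CalendarProcessing -Identity $room -AutomateProcessing AutoAccept `
        -DeleteSubject $false -DeleteComments $false `
        -AddOrganizerToSubject $false -RemovePrivateProperty $false `
        -AllowConflicts $false

    # Read the settings back so the result can be checked per room.
    Get-CalendarProcessing -Identity $room |
        Select-Object Identity, AutomateProcessing, DeleteSubject,
            DeleteComments, AddOrganizerToSubject, RemovePrivateProperty,
            AllowConflicts
    Get-MailboxFolderPermission -Identity $folder -User Default
}
```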

9. Find the EWS address

The last step is to find the EWS internet address; GoBright will connect to this address:

  • Find the webmail internet address of your Exchange environment, for example: https://mail.company.com/owa
  • The EWS url is slightly different compared to the webmail internet address: https://mail.company.com/EWS/Exchange.asmx
  • Change your url in the same way, and browse to this url via your web browser
  • If this is the correct url, you might need to enter login credentials. Use your newly created credentials of the service account.
  • If this is correct, it will show a technical webpage, which looks like the image below:
    Example of technical webpage
  • Write down the url, you will need it in the GoBright portal.

10. Next...

Now you are ready to configure the 'integration' in the GoBright portal, and create the rooms in GoBright.
