Allowing access to Private items on an on-prem Exchange server to a delegate.

I’ve recently had problems trying to copy out folders from a mailbox that had been shared to me. I got the following error message:

“Cannot copy the items. Cannot copy this folder because it may contain private items.”

Most of the solutions I found on the internet required the user who shared the folder with me to tick the “Private items” option in Outlook. Not good when I can’t get hold of them when needed and also not possible if you only use OWA (Outlook Web Access) and don’t have Outlook installed.

After a lot of searching I think I found the correct solution.

Download and install the Exchange Web Services (EWS) Managed API:

https://www.microsoft.com/en-us/download/details.aspx?id=35371

Enable the ApplicationImpersonation role for the account the PowerShell script will be run from.

# Mailbox that owns the folders, and the delegate who needs to see private items
$mbtoDelegate = "mark@yourdomain.co.uk"
$delegatetoAdd = "helen@yourdomain.co.uk"

# Load the EWS Managed API and create the service object (constructor argument on the same line)
$dllpath = "C:\Program Files\Microsoft\Exchange\Web Services\2.0\Microsoft.Exchange.WebServices.dll"
[void][Reflection.Assembly]::LoadFile($dllpath)
$service = new-object Microsoft.Exchange.WebServices.Data.ExchangeService([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2007_SP1)

# Look up the mail address of the account running the script, for Autodiscover
$windowsIdentity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$sidbind = "LDAP://<SID=" + $windowsIdentity.user.Value.ToString() + ">"
$aceuser = [ADSI]$sidbind

# Find the EWS endpoint, then act as the mailbox owner (needs ApplicationImpersonation)
$service.AutodiscoverUrl($aceuser.mail.ToString())
$service.ImpersonatedUserId = new-object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress, $mbtoDelegate)

# Build the delegate entry with "view private items" switched on
$mbMailbox = new-object Microsoft.Exchange.WebServices.Data.Mailbox($mbtoDelegate)
$dgUser = new-object Microsoft.Exchange.WebServices.Data.DelegateUser($delegatetoAdd)
$dgUser.ViewPrivateItems = $true
$dgUser.ReceiveCopiesOfMeetingMessages = $false
$dgUser.Permissions.CalendarFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::Author
$dgUser.Permissions.InboxFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::Author
$dgArray = new-object Microsoft.Exchange.WebServices.Data.DelegateUser[] 1
$dgArray[0] = $dgUser

# Add the delegate to the mailbox
$service.AddDelegates($mbMailbox, [Microsoft.Exchange.WebServices.Data.MeetingRequestsDeliveryScope]::DelegatesAndMe, $dgArray)

If you screw it up, comment out the last .AddDelegates line using a # at the beginning and add in

$service.RemoveDelegates($mbMailbox, $delegatetoAdd);

Don’t be tricked by the variable name: even though it says “toAdd”, we are just using it as a convenient place to retrieve the delegate email address.

Anyway, once run, I could then copy the folder structure I needed!
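For the ApplicationImpersonation step above, one way to grant the role so that it covers only the mailbox being changed and is removed again afterwards. This is an added example for the Exchange Management Shell, not part of the original post; the script account, scope name and assignment name are assumed placeholders.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell
# with rights to manage role assignments (e.g. Organization Management).
$targetMailbox = "mark@yourdomain.co.uk"       # mailbox being delegated (from the post)
$scriptAccount = "ewsadmin@yourdomain.co.uk"   # ASSUMED: account that runs the EWS script
$scopeName     = "Impersonate-SingleMailbox"   # ASSUMED name for the management scope
$assignName    = "EWS-Delegate-Fix-Temp"       # ASSUMED name for the role assignment

# 1. Management scope that matches only the one mailbox, so the script account
#    cannot impersonate every mailbox in the organisation.
New-ManagementScope -Name $scopeName `
    -RecipientRestrictionFilter "PrimarySmtpAddress -eq '$targetMailbox'"

# 2. Grant ApplicationImpersonation restricted to that scope.
New-ManagementRoleAssignment -Name $assignName `
    -Role ApplicationImpersonation `
    -User $scriptAccount `
    -CustomRecipientWriteScope $scopeName

# 3. Review who can impersonate and over which scope. An assignment with no
#    custom scope applies organisation-wide and deserves a second look.
Get-ManagementRoleAssignment -Role ApplicationImpersonation -GetEffectiveUsers |
    Select-Object Name, EffectiveUserName, RecipientWriteScope, CustomRecipientWriteScope |
    Format-Table -AutoSize

# ... run the EWS delegate script from the post here ...

# 4. Take the impersonation right away again once the delegate has been added.
Remove-ManagementRoleAssignment -Identity $assignName -Confirm:$false
Remove-ManagementScope -Identity $scopeName -Confirm:$false
```

The delegate entry created by the EWS script stays in place after step 4; only the script account's ability to impersonate the mailbox is withdrawn.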
