Follow

How to create the service account for Pronestor Planner and Exchange integration

Pronestor Planner can be integrated with your Exchange environment so that your meetings are synchronized. This is done with a service account that has the right application impersonation in Exchange.

We don't directly support this, as it is done in Exchange and not in Pronestor, but we have gathered some knowledge and frequently asked questions to help you set it up, as well as some links to guides on the internet.

If you want to know more about how Pronestor Planner and Exchange works and why the service account needs application impersonation rights, please see this guide instead: https://helpdesk.pronestor.com/hc/en-us/articles/360028374592-Application-impersonation-rights-in-exchange-for-Pronestor-

Table of contents

Requirements

  • Administrative rights in your Exchange

What does the service account need?

For Pronestor Planner, the service account needs to have application impersonation rights on all users and all meeting rooms connected to Pronestor Planner.

The Exchange service account must have a mailbox and the primary email address for that account must be the original one and not an alias.

If you want, you can limit the scope of the account to just the users using Pronestor Planner and just the meeting rooms you have imported. For instance, if your active directory contains users for your entire organization, but you only use Pronestor on one location. We don't recommend it, as you risk a lot of meetings on your fallback user in Pronestor Planner.

Please note Setting of permissions on Exchange can have some latency before the permissions are set and available. Please allow up to 30 min. for Exchange to have the permissions committed.
Please ensure that you set the password for the Service account never to expire. If that isn't possible, then it is the responsibility of the customer to ensure that the password is always updated in Exchange and in Pronestor before it expires.

How to check whether the service account has the correct access

You can check whether the service account has the correct access by running a script in PowerShell. This has to be done on your Exchange server.

The script:

Get-ManagementRoleAssignment -roleassignee "service@pronestor.com" -role applicationimpersonation

The results of the script. The "service@pronestor.com" has the application impersonation rights. The "UserWithoutRights@pronestor.com" is a regular employee without application impersonation rights. If your account has application impersonation, the response of the script will show you the role applicationimpersonation.

mceclip0.png

Microsofts Guides

Exchange 2013

http://technet.microsoft.com/en-us/library/dd776119(v=exchg.150).aspx

Exchange 2010

http://technet.microsoft.com/en-us/library/ff793352(v=office.14).aspx

Example:

New-ManagementRoleAssignment -Name PronestorServiceGroup -Role applicationImpersonation -User service@pronestor.com

Exchange 2007

https://msdn.microsoft.com/en-us/library/bb204095(v=exchg.80).aspx

Our bare bones guide for Office 365

  1. Go to web portal - with administrator permissions
  2. Create a new user (ex. "service")
  3. Go to Exchange Admin Center
  4. Choose Permissions in left menu
  5. Choose "Admin Roles"
  6. Create a new "Role Group"
    1. Name : Pronestor Service Group
    2. Roles : add "ApplicationImpersonation"
    3. Members : add the "service"-user from above

Third party guides

Here are some very helpful third party guides we found. Please note that Pronestor is not responsible for the content of these guides.

https://www.sharepointsapiens.com/blog/how-to-configure-applicaiton-impersonation-exchange/

https://cloudsolutions.atlassian.net/wiki/spaces/CKB/pages/4358166/Setting+up+Application+Impersonation+for+Exchange+or+Office+365

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk