Pronestor Display is integrated with your Exchange environment so that your meetings are shown on the tablets. This is done with a service account that has the right application impersonation in Exchange.
We don't directly support this, as it is done in Exchange and not in Pronestor, but we have gathered some knowledge and frequently asked questions to help you set it up, as well as some links to guides on the internet.
Table of contents
- Requirements
- What does the service account need?
- How to check whether the service account has the correct access
- Microsofts Guides
- Our bare bones guide for office 365
- Third party guides
Requirements
- Administrative rights in your Exchange
What does the service account need?
For Pronestor Display, the service account needs to have application impersonation rights on all meeting rooms connected to Pronestor Display.
The Exchange service account must have a mailbox and the primary email address for that account must be the original one and not an alias.
How to check whether the service account has the correct access
You can check whether the service account has the correct access by running a script in powershell. This has to be done on your Exchange server.
The script:
Get-ManagementRoleAssignment -roleassignee "service@pronestor.com" -role applicationimpersonation
The results of the script. The "service@pronestor.com" has the application impersonation rights. The "UserWithoutRights@pronestor.com" is a regular employee without application impersonation rights. If your account has application impersonation, the response of the script will show you the role applicationimpersonation.
Microsofts Guides
Exchange 2013
http://technet.microsoft.com/en-us/library/dd776119(v=exchg.150).aspx
Example:
New-ManagementRoleAssignment -Name PronestorServiceGroup -Role applicationImpersonation -User service@pronestor.com
Our bare bones guide for Office 365
- Go to web portal - with administrator permissions
- Create a new user (ex. "service")
- Go to Exchange Admin Center
- Choose Permissions in left menu
- Choose "Admin Roles"
- Create a new "Role Group"
- Name : Pronestor Service Group
- Roles : add "ApplicationImpersonation"
- Members : add the "service"-user from above
Third party guides
Here are some very helpful third party guides we found. Please note that Pronestor is not responsible for the content of these guides and cannot support you regarding their content
https://www.sharepointsapiens.com/blog/how-to-configure-applicaiton-impersonation-exchange/
For Pronestor Display - the user/service account used by Pronestor can be limited to a scope of rooms only – ensuring that the service account ONLY have application impersonation the specific rooms in the scope and not system wide. Note that the support cannot guide you in how to, but we have this guide that an exchange administrator with experience with O365 and Powershell towards O365 should be able to follow.
Create a scope ex
New-ManagementScope -Name "PronestorResourceMailboxes" -RecipientRestrictionFilter {name -eq 'qa_room_1'}
Set the permission for you service account for the scope
New-ManagementRoleAssignment -Name "ResourceImpersonation" -Role ApplicationImpersonation -User "service_group@pronestor.com" -CustomRecipientWriteScope "PronestorResourceMailboxes"
Comments
0 comments
Please sign in to leave a comment.