3

We have a client running an intranet application with the app pool identity set up as NetworkService. This means the app will present itself to other services as Domain\ComputerName$ user.

There is a shared mailbox set up on Exchange 2013. The application connects to the mail server to download emails from the mailbox. It uses EWS Managed API, but that shouldn't matter in this scenario.

How do I give a computer account full access to the shared mailbox? It does not appear as a user under Full Access permissions box. That seems to be a trivial security configuration, but I can't find a way to do it.

Jacek Glen
  • 1,506
  • 12
  • 14
  • I've also tried `Add-MailboxPermission -Identity "domain\computername$" -User "shared mailbox" -AccessRights 'FullAccess'` but to no avail. I get _computername$ wasn't found_ error. I tried different options for Identity, like FQDN or full AD name, but still the same error. – Jacek Glen Jun 23 '15 at 11:07
  • Question also asked here: https://social.technet.microsoft.com/Forums/exchange/en-US/2d9b26d1-77da-4b62-8ef9-4db977ba94fa/how-to-give-a-machine-account-domaincomputername-permissions-to-access-a-mailbox-on-exchange?forum=exchangesvradmin – Rory Jul 02 '15 at 11:33

1 Answers1

1

You wont be able to do like that

domain\computername$ can not be an account of the mailbox on exchange, you cant not add permission for this name.

you have to create an impersonation account. or you can host a separate account and get the stuff done.

there is another workaround we do in our case is we have a intermediate layer which is for the impersonation and gets the data from the mailbox, and then sends it to the NetworkService in Json.

hope that clears your doubt

N.K
  • 2,220
  • 1
  • 14
  • 44