Getting PowerShell ready to work with Exchange: Adding and removing meetings in Outlook using PowerShell part 2

In the previous post, Adding and removing meetings in Outlook using PowerShell,  I discussed why we had chosen to use PowerShell to manage appointments in Outlook.  In this post we will look how to set up PowerShell to perform these tasks, specifically:

  • enabling the EWS Managed API
  • using encrypted passwords with EWS
  • working with the calendar

The full script is listed at the bottom of the post.

Enabling the EWS Managed API

Microsoft’s EWS Managed API is the core mechanism for interacting with the Exchange Server. The code is now available on the OfficeDev github account which links to the Windows Installer downloads.  There is quite a lot of documentation on MSDN and other Microsoft outlets as well as third party sources.

Installing the package on the server where the PowerShell code will run was straightforward: download the MSI file and run the installer. The only thing to ensure is that the chosen version matches the Exchange server you are connecting to.

Once installed in the server, the EWS Managed API needs to be made available to PowerShell.  While it could be added to the profile, it is simpler to include it in the script

Once the Import-Module cmdlet has run all the APi features are available to PowerShell.

Using Encrypted Passwords with EWS

The aim of the script is to create appointments in the primary calendar of an Exchange account accessed by service administrators.  In order to add  appointments into the calendar the script needs to authenticate with the correct identity. We did consider running the script under that identity, but that would have meant adding permissions to other machines, databases and services that did not make sense.

Fortunately the EWS API allows the script to create a connection to an account by passing a plain text username and password.  Clearly this is not really acceptable, so we have used the technique for creating an encrypted password file described by Todd Klindt (the PowerShell v2 version). Once the encrypted password file was on the disk the trick was getting EWS to accept it.

Unfortunately this took a fair bit of trial and error.  Searching the web offered a number of different ways to create a connection, but most of them did not work. The solution was ultimately to create a credentials object using the secure string and then extract the password as a string variable that is then used to create the WebCredentials object:

  • get the contents of the encrypted password file (referenced by the $passfile variable) and turn it into a secure string

  • create a credentials object and extract the password

  • create a Exchange Service object (note this is for Exchange 2010)

  • use the password variable (and a username variable) to create credentials for the new Exchange Service object

Now that the Exchange connection is established we can bind to the calendar.

Working with the Calendar

The script then binds to the default calendar for the nominated account.  We have used this approach because most users are not too familiar with multiple calendars, and on this service account this default calendar is used primarily for managing these appointments.

An enhancement would be to check for the successful creation of the $folderid object, but as this is binding to the default calendar there is no real danger that the calendar will not be found as long as the credentials authenticate successfully.

We are now ready to create (and delete) entries in the calendar; which will be the subject of the next post; Creating and Deleting Meetings: Adding and removing meetings in Outlook using PowerShell part 3.

The script so far