Search code examples
c#web-servicespowershellexchange-serverexchangewebservices

Create new user/reset passwords using EWS API

I am pretty sure I know the answer to this but I am looking for verification. Some background:

  • My job uses an Exchange server running 2010 SP2

  • It is hosted by a vendor offsite

  • It does not tie into our active directory and I have no access to theirs

  • I have the admin credentials for making changes via OWA web portal

So far, using EWS, I have been able to do things like searching for users but unable to change anything. I'd like to have the ability to change passwords and make new accounts. I see it is possible if I a) had access to the vendors active directory or b) could remotely execute powershell... but I have neither.

I also found this but it led me nowhere. Logging into https://server/EWS/exchange.asmx with the admin OWA admin user name and password led me to https://server/ews/Services.wsdl where I saw this but I could not find anything of value in it:

<wsdl:definitions xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:s="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types" targetNamespace="http://schemas.microsoft.com/exchange/services/2006/messages">
<wsdl:types>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:import namespace="http://schemas.microsoft.com/exchange/services/2006/messages" schemaLocation="messages.xsd"/>
</xs:schema>
</wsdl:types>
<wsdl:message name="UploadItemsSoapIn">
<wsdl:part name="request" element="tns:UploadItems"/>
<wsdl:part name="Impersonation" element="t:ExchangeImpersonation"/>
<wsdl:part name="MailboxCulture" element="t:MailboxCulture"/>
<wsdl:part name="RequestVersion" element="t:RequestServerVersion"/>
</wsdl:message>
...

Given the circumstances, is there anyway to create a new account or change a user's password without using OWA?

Solution

  • EWS is a Mailbox Access API only there is no ability to perform any administrative operations (CRUD) or manage user passwords (OWA utilizes IIS features to do this) outside of getting the Password expiration.

    To Create a Mailbox in Exchange 2010 you need to either have access to the Exchange Management Console,Exchange Management Shell via Remote Powershell access or you should have at least the ability to use ECP eg http://plexhosted.com/billing/knowledgebase/193/How-to-create-a-user-in-the-Exchange-Control-Panel-Exchange-2010.html .

    Cheers Glen