I'm writing a .NET application using EWS Managed API to access an Exchange 2013 SP1 server. Right now I have the following issue: I have an user which is able to search successfully through mailboxes but that user is not able to retrieve an item (email) based on a given ID resulted from the search.
So, I perform the search using ServiceResponseCollection<SearchMailboxesResponse> responseCollection = service.SearchMailboxes(searchMailboxesParameters); without any issue but if I take an unique ID from the result and try to retrieve that item using the following piece of code:
ItemId itemId = new ItemId(itemIdentifier);
Item exchangeItem = Item.Bind(exchangeService, itemId);
I get the following exception:
Access is denied. Check credentials and try again.
So, I'm thinking that similar to the mailbox search capability given by a special role, the capability of reading emails from other users can be given by a special role which I don't know right now.
On the other hand, if I'm manually assigning the user that reads to the mailbox of the user that is "read", the process works fine but this cannot be done because we're speaking about thousands of users and an unknown number of administrators.
Thank you very much for your thoughts.
There is no role (apart from impersonation) to do that your trying to assert a Mailbox access right which will need to be granted to the account via Add-MailboxPermission or Add-MailboxFolderPermission or Delegate access (this will ensure the access will be audited). The other option would be to give that account your using Application Impersonation rights and use impersonation https://msdn.microsoft.com/en-us/library/office/dd633680(v=exchg.80).aspx .