Exchange Active Directory Integration

Securely Manage Multiple SaneBox Users on Exchange

Enhanced Security and Control for Enterprise Customers

This guide details how to configure Exchange Impersonation for a more secure and controlled SaneBox experience for your organization with multiple users on Microsoft Exchange.

What is Exchange Impersonation?

Exchange Impersonation allows SaneBox to access mailboxes without requiring individual user passwords. This approach strengthens security and simplifies management for administrators.

https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-configure-impersonation](https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-configure-impersonation)

Compatibility and Requirements:

• Exchange Server: 2010, 2013, or later versions
• Windows Server: 2008R2, 2012, or later versions
• .NET Framework: 3.5 or 4.x
• Outbound Internet Access

Installation Steps:

1. Preparation:

• Obtain the SaneboxSetup.zip file from your SaneBox business sales support.
• Ensure your Exchange installation has the necessary .NET Framework version installed (check with Get-WindowsFeature commands if unsure).

2. Configuring Impersonation (Exchange Admin Required):

• Launch the Exchange PowerShell on a server with access to Active Directory.
• Set the execution policy to unrestricted with Set-ExecutionPolicy Unrestricted (change back to default later).
• Run the SetupSaneboxImpersonation.ps1 script located in the SaneboxSetup.zip. The script will:
  • Create a dedicated “SaneboxAllowed Group” in Active Directory.
  • Create a “SaneboxAccess” account for secure access.
  • Grant the “SaneboxAccess” account permission to access mailboxes in the “SaneboxAllowed Group.”

3. Script Prompts:

• The script will prompt you for:
  • Password for the “SaneboxAccess” account (provide to SaneBox support).
  • Mailbox database name (if you have multiple databases). Use the output from Get-MailboxDatabase for reference.

4. Security Warning and Completion:

• Confirm the security warning (r to run).
• After successful execution, reset the execution policy with Set-ExecutionPolicy Default.

5. Installing Connector Service:

• Install the service on a machine with .NET Framework access (check with Get-WindowsFeature if needed).
• Run InstallService.exe from the SaneboxSetup directory.
• This creates and starts a new Windows service named “Sanebox Connector.”

Support and Next Steps:

For further assistance or questions, reach out to SaneBox support. This secure setup allows you to manage SaneBox access for your entire organization efficiently.