How to create a service account on MS Exchange 2013 and above


1. Ensure Exchange Web Services (EWS) are enabled on an SSL connection

– Ensure that your Exchange server has a signed SSL certificate from an approved certificate authority.

– Ensure that inbound connections are allowed on any firewall on port 433 to your Exchange server (you can restrict IP access IP ranges listed on this article )

2. Enable Exchange Autodiscover service

3. Enable basic authentication on Exchange server and Autodiscover service.

Create a Service Account

1. Create an Exchange user with a mailbox that will act as the service account.

2. Using Exchange Management Shell, Enable the Active Directory extended permission for ms-Exch-EPI-Impersonation on all Client Access servers.*

Get-ExchangeServer | where {$_IsClientAccessServer -eq $TRUE} | ForEach-Object {Add-ADPermission -Identity $_.distinguishedname -User (Get-User -Identity <EnterExchangeSyncServiceAccountEmailAddress> | select-object).identity -extendedRight ms-Exch-EPI-Impersonation}

3. Enable the Active Directory extended rights for ms-Exch-EPI-May-Impersonate to provide the service account impersonate rights over mailboxes. *

Get-MailboxDatabase | ForEach-Object {Add-ADPermission -Identity $_.distinguishedname -User <EnterExchangeSyncServiceAccountAddress> -ExtendedRights ms-Exch-EPI-May-Impersonate}

4. Configure your service account to impersonate the group of users you wish to connect to timetoreply by creating a management scope that defines the filter grouping the Exchange users.

e.g. If all relevant mailboxes had the Department filterable property set as ‘InsideSales’ replace <RecipientFilter> with Department -eq ‘InsideSales’

New-ManagementScope -Name:<DefineExchangeSyncScopeName> -RecipientRestrictionFilter:{<RecipientFilter>}

5. Create a management role assignment that restricts the service account to impersonate only the users you defined in the management scope above.

New-ManagementRoleAssignment -Name:<DefineExchangeSyncRoleAssignmentName> -Role:ApplicationImpersonation -User:<EnterExchangeSyncServiceAccountAddress> -CustomRecipientWriteScope:<DefineExchangeSyncScopeName>

*Note that if you receive a pipeline error message, wait a few minutes and reenter the command to let your server process the requests.

Testing your Service Account

Once you have created your service account, you can test the connectivity and the scope at

Once you have created a service account you can use our MS Exchange Bulk Add option to add multiple MS Exchange mailboxes to timetoreply in just a few clicks.

To add multiple mailboxes to timetoreply using our MS Exchange Bulk Add option follow these steps:

  1. Login to your timetoreply accounts:
  2. Navigate to TOOLS > Agents/Mailboxes (
  3. Click on Bulk Add
  4. Then choose the MS Exchange option and click “Bulk link agents”
  5. Enter your service account user email address and password, enter your MS Exchange server version (this is optional), then manually type each mailbox that you want to link to timetoreply or bulk upload a csv with a list of mailboxes that you want to link to timetoreply.
  6. Click “Add” to complete the process.