Top tip: Impersonation vs Delegation

Last update:
Created :
Written by Thomas Speekenbrink

Overview:

When having to choose how you wish to set up your rights for the Synchronizer user (often called the SyncUser), you have two options:

  • Impersonation
  • Delegation

Tips:

Impersonation:

Impersonation is where you set the Syncuser with access to all the mailboxes, this is an easy and fast setup. But can also give security issues, depending what this account is being used for.

Delegation:

Delegation is the second possibility, where you need to give the Syncuser rights on individual mailboxes. This takes a bit more time but you are sure that the Syncuser only has access to the mailboxes which it needs to have.

How the Synchronizer works regarding Impersonation/Delegation:

When starting the synchronizer, as check will be done to see if Impersonation or Delegation is being used. If impersonation is used then the Sync knows that it has full rights over the different mailboxes, and the synchronizer will start syncing rapidly.

If the delegation option is selected, it will go through each users's mailbox to verify if the Syncuser has full rights. This will make the synchronizer slower during startup but also during normal operation, as the mailboxes will be checked in succession. If you have a lot of users in the same pool, it might take some time before a user will notice that his/her appointments/tasks/contacts have been synced.