Written by Support InfoBridge
Overview
This article describes how to set impersonation rights on an on-premises Exchange 2010 server.
How to
Prerequisites
The following prerequisites are required to configure Exchange Impersonation:
- Administrative credentials for the computer that is running Exchange 2010 that has the Client Access server role installed.
- Domain Administrator credentials, or other credentials with the permission to create and assign roles and scopes.
- Remote PowerShell installed on the computer from which you will run the commands.
Procedure
To configure Exchange Impersonation for all users in an organization
- Open the Exchange Management Shell.
- Run the New-ManagementRoleAssignment cmdlet to add the permission to impersonate to the specified user. The following example shows how to configure Exchange Impersonation to enable a service account to impersonate all other users in an organization:
    New-ManagementRoleAssignment -Name:impersonationAssignmentName -Role:ApplicationImpersonation -User:serviceAccount
To configure Exchange Impersonation for specific users or groups of users
- Open the Exchange Management Shell.
- Run the New-ManagementScope cmdlet to create a scope to which the impersonation role can be assigned. If an existing scope is available, you can skip this step. The following example shows how to create a management scope for a specific group:
    New-ManagementScope -Name:scopeName -RecipientRestrictionFilter:recipientFilter
- Run the New-ManagementRoleAssignment cmdlet to add the permission to impersonate the members of the specified scope. The following example shows how to configure Exchange Impersonation to enable a service account to impersonate all users in a scope:
    New-ManagementRoleAssignment -Name:impersonationAssignmentName -Role:ApplicationImpersonation -User:serviceAccount -CustomRecipientWriteScope:scopeName
The RecipientRestrictionFilter parameter of the New-ManagementScope cmdlet defines the members of the scope. You can use properties of the Identity object to create the filter. The following example is a filter that restricts the result to a single user with the user name "john":
    Name -eq 'john'
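To review the result of either procedure, the following added example (not part of the original article or the Microsoft source) lists every non-delegating ApplicationImpersonation assignment, resolves the recipient filter behind any custom scope, and flags assignments whose write scope is the whole organization. It is read-only, and the function name Get-ImpersonationAssignmentReport is hypothetical.

```powershell
# Added example: audit who holds ApplicationImpersonation and how widely.
# Run in the Exchange Management Shell. Read-only: it creates and changes nothing.
# Get-ImpersonationAssignmentReport is a hypothetical helper name.

function Get-ImpersonationAssignmentReport {
    # Regular (non-delegating) assignments are the ones that actually grant impersonation.
    $assignments = Get-ManagementRoleAssignment -Role ApplicationImpersonation -Delegating $false

    foreach ($a in $assignments) {
        $scopeName = "$($a.CustomRecipientWriteScope)"
        $filter    = $null

        if ($scopeName) {
            # Scoped assignment: resolve the scope to the filter that defines its members.
            $scope = Get-ManagementScope -Identity $scopeName -ErrorAction SilentlyContinue
            if ($scope) { $filter = $scope.RecipientFilter }
        }

        # An "Organization" write scope means the assignee can impersonate every mailbox.
        $orgWide = ("$($a.RecipientWriteScope)" -eq 'Organization')

        # New-Object is used because Exchange 2010 ships with PowerShell 2.0.
        New-Object PSObject -Property @{
            Assignment   = $a.Name
            Assignee     = $a.RoleAssigneeName
            AssigneeType = $a.RoleAssigneeType
            Enabled      = $a.Enabled
            WriteScope   = $a.RecipientWriteScope
            ScopeName    = $scopeName
            ScopeFilter  = $filter
            OrgWide      = $orgWide
        }
    }
}

$report = @(Get-ImpersonationAssignmentReport)

# Organization-wide assignments sort to the top of the table.
$report | Sort-Object OrgWide -Descending |
    Format-Table Assignment, Assignee, Enabled, WriteScope, ScopeName, ScopeFilter -AutoSize

# Enabled, organization-wide assignments are the ones to justify or re-scope.
$report | Where-Object { $_.OrgWide -and $_.Enabled } | ForEach-Object {
    Write-Warning "$($_.Assignee) can impersonate all mailboxes via '$($_.Assignment)'"
}
```

A scoped assignment whose ScopeFilter column is empty points at a scope that could not be resolved and should be checked by hand.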
Source : http://msdn.microsoft.com/en-us/library/bb204095.aspx