locked
Problems impersanationg RRS feed

  • Question

  • We are writing a inhouse script and need impersanating to work. I added the correct permissions so I think in order for this to happen but keep getting::

    The
    server to which the application is connected cannot impersonate the requested
    user due to insufficient permission

    Any guidance would be appreciated.

    Monday, January 7, 2013 9:15 PM

Answers

  • Hi,
    Run both these commands:

    Get-ClientAccessServer | Add-ADPermission -User domain\user -ExtendedRights ms-Exch-EPI-Impersonation

    AND
    Get-Mailboxdatabase | Add-ADPermission -User domain\user -ExtendedRights ms-Exch-EPI-May-Impersonate

    (I assume now that you are on Exchange 2007 and not 2010)

    Martina Miskovic

    • Marked as answer by uk2us88 Tuesday, January 8, 2013 8:12 PM
    Tuesday, January 8, 2013 6:12 PM

All replies

  • I think I need to add this::

    Add-ADPermission -Identity (get-mailboxdatabase).DistinguishedName -User user1 -extendedRight ms-Exch-EPI-May-Impersonate

    however we have multiple mailbox db how to say which one gets used?

    mailbox1
    mailbox2
    mailbox3

    etc, etc.

    Monday, January 7, 2013 9:26 PM
  • Hi,

    You can run the following cmdlet: Here you have domain\user has impersonation to all CAS and that will fix the issue

    Get-ClientAccessServer | Add-ADPermission -User domain\user -ExtendedRights ms-Exch-EPI-Impersonation

    This can add permission to all CAS Servers

    Regards from ExchangeOnline Windows Administrator's Area

    Tuesday, January 8, 2013 3:59 AM
  • Hi uk2us88

    Did you try the command from ManU

    Also, this Blog might help as well

    http://blogs.technet.com/b/caseys/archive/2008/03/12/the-server-to-which-the-application-is-connected-cannot-impersonate-the-requested-user-due-to-insufficient-permission.aspx

    It said: "This error lets you know that you lack permissions to impersonate the user. The Active Directory user used to perform the migration must have the permission to impersonate the users to inject mail into their mailboxes. "

    Try the command on that blog

    Hope it helps

    Cheers


    Zi Feng
    TechNet Community Support

    Tuesday, January 8, 2013 8:26 AM
  • Yes I have ran the above command and is set. Its a calendar entry program that is being customized for conference rooms etc.

    My developer also gave me this error:

    The server to which the application is connected cannot impersonate the requested user due to insufficient permission.

    We currently have two exchange servers. I am under the impression the above command does both servers?

    • Edited by uk2us88 Tuesday, January 8, 2013 4:38 PM
    Tuesday, January 8, 2013 4:36 PM
  • Hi,
    Run both these commands:

    Get-ClientAccessServer | Add-ADPermission -User domain\user -ExtendedRights ms-Exch-EPI-Impersonation

    AND
    Get-Mailboxdatabase | Add-ADPermission -User domain\user -ExtendedRights ms-Exch-EPI-May-Impersonate

    (I assume now that you are on Exchange 2007 and not 2010)

    Martina Miskovic

    • Marked as answer by uk2us88 Tuesday, January 8, 2013 8:12 PM
    Tuesday, January 8, 2013 6:12 PM
  • Hi,
    Run both these commands:

    Get-ClientAccessServer | Add-ADPermission -User domain\user -ExtendedRights ms-Exch-EPI-Impersonation

    AND
    Get-Mailboxdatabase | Add-ADPermission -User domain\user -ExtendedRights ms-Exch-EPI-May-Impersonate

    (I assume now that you are on Exchange 2007 and not 2010)

    Martina Miskovic

    This fixed our initial error thanks for that....

    Now we have Microsoft.Exchange.WebServices.Data.AutodiscoverLocalException: The Autodiscover service couldn't be located??

    Tuesday, January 8, 2013 7:50 PM

  • This fixed our initial error thanks for that....

    Now we have Microsoft.Exchange.WebServices.Data.AutodiscoverLocalException: The Autodiscover service couldn't be located??


    Glad to hear that!

    For your other question, I would recommend you to post in the Development Forum (with a lot more information of course :)
    http://social.technet.microsoft.com/Forums/en-US/exchangesvrdevelopmentlegacy/threads

    Martina Miskovic

    Tuesday, January 8, 2013 8:05 PM