Exchange 2010 - Configure Impersonation Role to an AD Group RRS feed

  • Question

  • Synopsis: I use Exchange Impersonation for restoring granular Mailbox items from a backup to a production Exchange 2010 server. I would like to apply the Exchange Impersonation role to all users in an AD group.

    Disambiguation: I do not want to set a scope of mailboxes to use the Impersonation role on, but to have multiple 'impersonators' assigned the Impersonation role by pointing to an AD group in lieu of configuring/removing the role on individual users from the EPS console.

    Advantage: Add a user or group in AD to this group to grant the Impersonation Role on the Exchange Server to reduce administration overhead.

    I am not sure if this is possible, but if there is a way to do this or if there is another Exchange specific workaround, I am very interested.


    Thank You!

    • Edited by A.J.'s Monday, August 4, 2014 9:36 PM Typo
    Monday, August 4, 2014 9:34 PM


  • I would suggest to take guidance from Backup software vendor or check if it is even possible with their software to grant end user for the restore capability... Personally I wouldn't grant end-user ability to kick off restore any time even though it is for their mailbox and ultimately that would create mess when multiple people are restoring their mailbox from multiple backups... 

    Blog | Get Your Exchange Powershell Tip of the Day from here

    Tuesday, August 5, 2014 12:27 AM