locked
Configuring Exchange Impersonation cmdlet - Exchange 2010 (DAG) RRS feed

  • Question

  • Hi,

    I’m a little confused on what to enter in the Configuring Exchange Impersonation cmdlet? If I want to assign my AD account noconnor to be able to recover or impersonate a user mailbox jsmith How do I enter that in the cmdlet? Is it like I did below?

    New-ManagementRoleAssignment –Name:noconnor –Role:ApplicationImpersonation –User:jsmith

    Thanks


    Wave~Chaser

    Monday, April 16, 2012 3:35 PM

Answers

  • Yup your syntax was corrrect.

    get-mailbox -identity jsmith | add-adpermission -user testdomain\noconnor user -ExtendedRights ms-Exch-EPI-May-Impersonate



    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    • Marked as answer by WaveChaser Wednesday, April 18, 2012 3:52 PM
    Tuesday, April 17, 2012 12:51 AM
  • New-ManagementRoleAssignment –Name:noconnor –Role:ApplicationImpersonation –User:jsmith

    The right cmdlet is listed in the following document:

    Configuring Exchange Impersonation

    http://msdn.microsoft.com/en-us/library/bb204095.aspx

    For more information about RBAC, please see:

    Understanding Role Based Access Control

    http://technet.microsoft.com/en-us/library/dd298183.aspx


    Frank Wang

    TechNet Community Support

    • Marked as answer by Gavin-Zhang Friday, May 4, 2012 8:29 AM
    Wednesday, April 18, 2012 3:02 AM

All replies

  • get-mailbox -identity user1 | add-adpermission -user domainname\service application user -ExtendedRights ms-Exch-EPI-May-Impersonate


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Monday, April 16, 2012 4:39 PM
  • Thanks for the info so where would I enter the users in the syntax? I would like noconnor to have Exchange Impersonation (permision)  of jsmith mailbox

    Would it be like this?

    get-mailbox -identity jsmith | add-adpermission -user testdomain\noconnor user -ExtendedRights ms-Exch-EPI-May-Impersonate


    Wave~Chaser


    • Edited by WaveChaser Monday, April 16, 2012 5:45 PM
    Monday, April 16, 2012 5:43 PM
  • I think I just deleted someones reply by accident. Sorry about that can you repost? thx

    Wave~Chaser

    Monday, April 16, 2012 6:40 PM
  • Yup your syntax was corrrect.

    get-mailbox -identity jsmith | add-adpermission -user testdomain\noconnor user -ExtendedRights ms-Exch-EPI-May-Impersonate



    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    • Marked as answer by WaveChaser Wednesday, April 18, 2012 3:52 PM
    Tuesday, April 17, 2012 12:51 AM
  • New-ManagementRoleAssignment –Name:noconnor –Role:ApplicationImpersonation –User:jsmith

    The right cmdlet is listed in the following document:

    Configuring Exchange Impersonation

    http://msdn.microsoft.com/en-us/library/bb204095.aspx

    For more information about RBAC, please see:

    Understanding Role Based Access Control

    http://technet.microsoft.com/en-us/library/dd298183.aspx


    Frank Wang

    TechNet Community Support

    • Marked as answer by Gavin-Zhang Friday, May 4, 2012 8:29 AM
    Wednesday, April 18, 2012 3:02 AM
  • I want to configure application Impersonation for service account so that group of  mailboxes can be accessed through this service account.

    Let us say, my application\service account is- skyWipro

    I want application Impersonation for following group of user- sky12, sky13, sky14, sky15,sky16

    Then how can I configure application Impersonation?

    Please let me know all command what need to run?

     

    I found below command but not sure how can I run these for above condition-  

    New-ManagementScope –Name:scopeName –RecipientRestrictionFilter:recipientFilter

    New-ManagementRoleAssignment –Name:impersonationAssignmentName –Role:ApplicationImpersonation –User:serviceAccount –CustomRecipientWriteScope:scopeName

    Monday, June 1, 2015 1:37 PM