CodeTwo Base.title

How to set impersonation rights manually

Problem:

How to manually manage impersonation rights for the administrator account.

Solution:

Add impersonation rights for your admin account using:

  • ps PowerShell - click this link
  • EAC (Exchange Admin Center ), click here for details (applies to Exchange 2013, 2016 and Office 365 only).

Add impersonation rights using ps PowerShell

  1. Run ps Powershell.
  2. Check the Powershell version by typing cmdlet:

    $PSVersionTable
    • The empty response means you are using version 1.0.
    • For versions 2.0 and newer you should see detailed answer.
    • We recommend to keep PowerShell updated to avoid compatibility problems. To download the newest version of PowerShell please visit this Microsoft website.
  3. If the Exchange Server is in remote location for example hosted or you are connecting to Office 365 learn how to connect to remote Exchange via Powershell. To manage permissions locally (MS Exchange Server on-premises or when logged on to remote Exchange via Remote Desktop, etc.) execute the below commands in ems Exchange Management Shell.
  4. Check if the account in question already has the impersonation rights assigned.

    Get-ManagementRoleAssignment -RoleAssignee "<account name>" -Role ApplicationImpersonation -RoleAssigneeType user
    • where <account name> is the name of the administrator account on the target server you want to check
  5. Add impersonation rights:

    New-ManagementRoleAssignment –Name:<impersonation Assignment Name> –Role:ApplicationImpersonation –User: "<account name>"
    • where <impersonation Assignment Name> is a name of your choice for this assignment. Be aware, each assignment should have a unique name. You can omit Name switch and a unique assignment name will be created automatically.
  6. You can remove impersonation rights with this command if necessary:

    Get-ManagementRoleAssignment -RoleAssignee "<account name>" -Role ApplicationImpersonation -RoleAssigneeType user | Remove-ManagementRoleAssignment

Add impersonation rights using EAC (Exchange Admin Center)

  1. Log on to Office 365 using an admin account or log on to the Exchange Admin Center (https://localhost/ecp). On Office 365 access the Exchange tab:
     
    285-1
    Fig. 1. Exchange Admin Center on Office 365.
  2.  Next, go to the Permissions then admin roles and choose Discovery Management by double-clicking it:
     
    285-2
    Fig. 2. Discovery Management.
  3. Add the Role ApplicationImpersonation as well as your admin user as the group member:
     
    285-3
    Fig. 3. Add correct role and users.

Please note that according to Microsoft Office 365 Small Business plans cannot assign Impersonation rights manually. The default built-in admin account is the only one who can hold such permission.

See also:

Our Clients:
Unicef
Facebook
Shell
T-Systems
Loreal
Casio
UPS Israel
Oford University
Mitsubishi Motors
Toshiba TEC UK Imaging Systems Ltd
Illinois Institute of Technology
MAN Diesel
McDonalds India
Skoda Auto
Bank of Israel
Fujifilm
China Mobile
Santander
Samsung SDI
Skanska
Generali
Telmex
Toyota Tsusho
BECHTEL
Ricoh
BAE SYSTEMS
Federação Portuguesa de Futebol
Credit Agricole
HYUNDAI
Rothschild
Toyota Boshoku
Oriflame Romania
ING
Ikea
Nordea

Partners, certificates & awards