-
Title
Security Explorer 7.x and up - How to configure Exchange 2010 mailbox Impersonation for a user -
Description
Security Explorer 7.x and up - How to configure Exchange 2010 mailbox Impersonation for a user -
Resolution
This information applies to:
Security Explorer 7.x and up
HOW TO:
Configure Exchange 2010 mailbox Impersonation for a User/Group
Enabling impersonation in Exchange 2010 requires a scope to which the impersonation role can be assigned. A scope specifies the location where the impersonation will be granted. In this example, a new Management Scope called SXPManage was created to impersonate all Mailboxes permission in the CyberMdia domain. The following PowerShell command was used:
New-ManagementScope -Name "SXPManage" -RecipientRoot "CyberMedia.local" -RecipientRestrictionFilter {RecipientType -eq "UserMailbox"}
Open the Exchange Management shell and run the above command, (figure 1).
Figure 1
Now, that the Management scope is created, a user can be assigned to the scope. In this example, CyberMedia\DCAdmin was granted permission to impersonate the “SXPManage” scope, using the following command:
New-ManagementRoleAssignment –Name:impersonationAssignmentName –Role:ApplicationImpersonation –User:CyberMedia\DCAdmin –CustomRecipientWriteScope:SXPManage
Run the above command in the Exchange Management Shell, (figure 2).
Figure 2
Now when Security Explorer is opened, perform a Pre-requisites check, “User Impersonation” will pass, (figure 3).
![[image]](https://support.quest.com/KBArticleImages/SL4078/93a64e16.jpg)
Figure 3
Related Articles or Solutions:
http://msdn.microsoft.com/en-us/library/bb204095(v=EXCHG.140).aspx