Configuring impersonation rights


To assign Impersonation rights for a user, walk through the respective Exchange Server sections.
For Exchange Online
          Please refer the following article:

                    https://msdn.microsoft.com/en-us/library/office/dn722376%28v=exchg.150%29.aspx
For Exchange 2013
          Prerequisites:

                    Administrative credential for the server running Exchange 2013 to assign role for a user in EAC.
          Using EAC:
    • Create a mailbox enabled account, say EDC Service Account in Exchange Server organization.
    • Launch the Exchange Admin Center (EAC) and browse to Permissions -> Admin roles. Click the “+” sign to add a new role..

      To access the EAC by going to http://serverFQDN/ecp/default.aspx  page
    • Create a role with the following specifications.
      Name: User Impersonate.
      Description: User role with impersonation rights for EDC.
      Write Scope: Default.
      Roles: Add the Role name “ApplicationImpersonation”.
      Members: Add the User “EDC Service Account ”.
    • Save the changes and wait for few minutes for the settings to replicate.
For Exchange 2010
    Prerequisites:

      i) Administrative credentials for the server running Exchange 2010 that has Client Access server role installed.

      ii) Domain Administrator credentials, or a credential with permission to create and assign roles and scopes.

      iii) Remote PowerShell installed on the computer from which you will run the command.

           Using Management Shell:
    • Create a mailbox enabled EDC Account, say EDC Service Account in Exchange Server organization.
    • Open the Exchange Management Shell.

      Run New-ManagementRoleAssignment –Name:impersonationAssignmentName –Role:ApplicationImpersonation –User:EDC Service Account command.
           Using PowerShell:
    • Open PowerShell and run the following cmdlets in the specified order:

      "Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010"

      Run New-ManagementRoleAssignment –Name:impersonationAssignmentName –Role:ApplicationImpersonation –User:EDC Service Account command
For Exchange 2007
    Prerequisites:

      i) Administrative credentials for the server running Exchange 2007 that has Client Access server role installed.

      ii) Domain Administrator credentials, or a credential with permission to create and assign roles and scopes.

           Using Management Shell:
    • Create a mailbox enabled EDC Account, say EDC Service Account in Exchange Server organization.
    • Open the Exchange Management Shell.

      Run Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | ForEach-Object
      {Add-ADPermission -Identity $_.distinguishedname -User (Get-User -Identity EDC Service Account |
      select-object).identity -extendedRight ms-Exch-EPI-Impersonation}
      command.
           Using PowerShell:
    • Open PowerShell and run the following cmdlets in the specified order:

      "Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010"

      Run Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | ForEach-Object
      {Add-ADPermission -Identity $_.distinguishedname -User (Get-User -Identity EDC Service Account |
      select-object).identity -extendedRight ms-Exch-EPI-Impersonation}
      command.