Impersonation Rights to generate resource reports

Configuring impersonation rights


In order to retrieve granular level details for the following reports, ARKES requires the Exchange Server credential provided to have impersonation rights.

    a) Read Mail Item
    b) Unread Mail Item
    c) Deleted Mail Item
    d) High Importance Mail Item
    e) Normal Importance Mail Item
    f) Low Importance Mail Item
    g) Junk Mail Item
To assign Impersonation rights for a user, walk through the respective Exchange Server sections.
For Exchange 2013 or Exchange 2016
          Prerequisites:

                    Administrative credential for the server running Exchange 2013 or Exchange 2016 to assign role for a user in EAC.
          Using EAC:
    • Create a mailbox enabled account, say ARKES Service Account in Exchange Server organization.
    • Launch the Exchange Admin Center (EAC) and browse to Permissions -> Admin roles. Click the “+” sign to add a new role..

      To access the EAC by going to http://serverFQDN/ecp/default.aspx  page
    • Create a role with the following specifications.
      Name: User Impersonate.
      Description: User role with impersonation rights for ARKES.
      Write Scope: Default.
      Roles: Add the Role name “ApplicationImpersonation”.
      Members: Add the User “ARKES Service Account ”.
    • Save the changes and wait for few minutes for the settings to replicate.
    For Exchange 2010
    Prerequisites:

      i) Administrative credentials for the server running Exchange 2010 that has Client Access server role installed.

      ii) Domain Administrator credentials, or a credential with permission to create and assign roles and scopes.

      iii) Remote PowerShell installed on the computer from which you will run the command.

           Using Management Shell:
    • Create a mailbox enabled ARKES Account, say ARKES Service Account in Exchange Server organization.
    • Open the Exchange Management Shell.

      Run New-ManagementRoleAssignment –Name:impersonationAssignmentName –Role:ApplicationImpersonation –User:ARKES Service Account command.
           Using PowerShell:
    • Open PowerShell and run the following cmdlets in the specified order:

      "Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010"

      Run New-ManagementRoleAssignment –Name:impersonationAssignmentName –Role:ApplicationImpersonation –User:ARKES Service Account command
    For Exchange 2007
    Prerequisites:

      i) Administrative credentials for the server running Exchange 2007 that has Client Access server role installed.

      ii) Domain Administrator credentials, or a credential with permission to create and assign roles and scopes.

           Using Management Shell:
    • Create a mailbox enabled ARKES Account, say ARKES Service Account in Exchange Server organization.
    • Open the Exchange Management Shell.

      Run Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | ForEach-Object
      {Add-ADPermission -Identity $_.distinguishedname -User (Get-User -Identity ARKES Service Account |
      select-object).identity -extendedRight ms-Exch-EPI-Impersonation}
      command.
           Using PowerShell:
    • Open PowerShell and run the following cmdlets in the specified order:

      "Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010"

      Run Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | ForEach-Object
      {Add-ADPermission -Identity $_.distinguishedname -User (Get-User -Identity ARKES Service Account |
      select-object).identity -extendedRight ms-Exch-EPI-Impersonation}
      command.