Tiny Deathstars of Foulness

Exchange Impersonation Rights allow a user to impersonate the account of another user. To enable impersonation rights use the New-ManagementRoleAssignment command let. To enable Impersonation rights for an account called krypted (samAccountName), use the following commandlet: New-ManagementRoleAssignment –Name:impersonationAssignmentName –Role:ApplicationImpersonation –User: krypted To remove those rights, use the Remove-ManagementRoleAssignment commandlet. Below we’ll run a Get-ManagementRoleAssignment to finds the user krypted with the appropriate role and then pipe that to the Remove-ManagementRoleAssignment commandlet: Get-ManagementRoleAssignment -RoleAssignee "krypted" -Role ApplicationImpersonation -RoleAssigneeType user | Remove-ManagementRoleAssignment

April 4th, 2014

Posted In: Active Directory, Microsoft Exchange Server

Tags: , ,