Exchange Impersonation Rights allow a user to impersonate the account of another user. To enable impersonation rights use the New-ManagementRoleAssignment command let. To enable Impersonation rights for an account called krypted (samAccountName), use the following commandlet: New-ManagementRoleAssignment –Name:impersonationAssignmentName –Role:ApplicationImpersonation –User: krypted To remove those rights, use the Remove-ManagementRoleAssignment commandlet. Below we’ll run a Get-ManagementRoleAssignment to finds the user krypted with the appropriate role and then pipe that to the Remove-ManagementRoleAssignment commandlet: Get-ManagementRoleAssignment -RoleAssignee "krypted" -Role ApplicationImpersonation -RoleAssigneeType user | Remove-ManagementRoleAssignment
-
-
Managing Role Assignments For Exchange In PowerShell
When running mailbox exports, move requests, etc in Exchange 201x you might get an error. This is because the Management Role Assignments have changed ever so slightly. In order to provide an account the ability to do certain tasks, you can use the New-ManagementRoleAssignment powershell cmdlet to process a request. To do so, pick a user (in this case the username is kryptedadmin) using the -User option and choose roles to assign (in this case, mailbox, export and import) using the -Role option. The command then looks as follows: New-ManagementRoleAssignment -Role "Mailbox Import Export" -User kryptedadmin To see if your roles were properly applied: Get-ManagementRoleAssignment -Role "Mailbox Import Export" |…