Steps to set Impersonation Rights for Live Exchange user account for Exchange 2007 and Lower version:

  • a) Configure Exchange Impersonation for a user on a server

    Open the Shell (Powershell/Exchange Management Shell). Run Add-ADPermission cmdlet to add the impersonation permissions on the server for the identified user.

    For example, to grant User1 permission to impersonate all accounts on an Exchange Server named CAS-01, use the following command:

    Command: Copy & Paste it on EMS

    Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | ForEach-Object {Add-ADPermission -Identity $_.distinguishedname -User (Get-User -Identity User1 | select-object).identity -extendedRight ms-Exch-EPI-Impersonation}

  • b) Configure Exchange Impersonation for a user on a specific user

    Open the Shell. Run the Add-ADPermission Windows PowerShell command to add permission to impersonate an identified user.

    For example, to grant User1 permission to impersonate User2, use the following command:

    Command: Copy & Paste it on EMS

    Add-ADPermission -Identity "User2" -User User1 -extendedRight ms-Exch-EPI-May-Impersonate