How to Configure Impersonation in O365


Download 7.86 Kb.
NameHow to Configure Impersonation in O365
A typeUser
How to Configure Impersonation in O365

Introduction


Impersonation is a feature in Microsoft Exchange that allows a caller or application to impersonate an account. The caller or application is allowed to operate as if it is the impersonated account giving it the same rights to the account as the owner.

Impersonation is available starting with Exchange 2013 and newer and Office 365. In order to assign permissions these versions use role-based access control (RBAC). The Exchange administrator will need to grant the service account the ApplicationImpersonation role by using the New-ManagementRoleAssignment cmdlet in PowerShell.

Configure to ApplicationImpersonation role


The following role parameters can be configured using the New-ManagementRoleAssignment cmdlet.

Name – This is the friendly name of the role assignment. Any time a role is assigned it is added to the RBAC role list. To verify role assignments use the Get-ManagementRoleAssignment cmdlet.

Role – This is the actual role that is assigned. For example, when setting up impersonation for an account you will assign the role of ApplicationImpersonation.

User – This is the account name that will be assigned the new role. Continuing the example above this would be the service account.

CustomRecipientScope – This defines the scope of users or accounts that can be impersonated by the account being granted impersonation. In the example previous mentioned, this would be the service account. If no scope is assigned specifically, the account is granted impersonation to all users in the organization. To create custom recipient scopes use the New-ManagementScope cmdlet.

In order to configure impersonation the following is required:

  • Administrative rights to the Exchange server.

  • Domain Administrator rights granting the ability to create and assign roles and scopes.

  • Exchange Management Tools.



Configure impersonation for all users in the organization




  1. Open Exchange Management Shell. To get there go to Start > Programs.

  2. Locate the Microsoft Exchange Server application.

  3. Run the New-ManagementRoleAssignment cmdlet to grant the service account permission to impersonate. Reminder that this will give the account the ability to impersonate all users in the organization.

  4. Here is the PowerShell command:

    1. New-ManagementRoleAssignment –name:ImpersonationAssignmentName –Role:ApplicationImpersonation –User:serviceaccount

Configure impersonation for specific users or groups




  1. Open Exchange Management Shell. To get there go to Start > Programs.

  2. Locate the Microsoft Exchange Server application.

  3. Run the New-ManagementScope cmdlet. This is used to create a scope which the impersonation role can be assigned. You do not need to do this step if the scope already exists.

  4. Here is the PowerShell command:

    1. New-ManagementScope –Name:scopeName –RecipientRestrictionFilter:recipientFilter

The RecipientRestrictionFilter defines the members of the scope. You can use the properties of users or accounts to create the filter. Below is an example of a filter that will only find a user with the name "john."

Windows PowerShellCopy

Name –eq "john"

  1. Run the New-ManagementRoleAssignment cmdlet to add the specified account for impersonation to the specified scope.

  2. Here is the PowerShell command:

    1. New-ManagementRoleAssignment –Name:impersonationAssignmentName –Role:ApplicationImpersonation –User:serviceAccount –CustomRecipientWriteScope:scopeName

Share in:

Related:

How to Configure Impersonation in O365 iconRemote Event Handlers in O365 & Azure Part 5: Setup the Windows Azure...

How to Configure Impersonation in O365 iconHow to configure oracle forms monitoring

How to Configure Impersonation in O365 iconConfigure iis 7 Output Caching

How to Configure Impersonation in O365 iconHow to configure a WebSphere Application Monitor for was 1?

How to Configure Impersonation in O365 iconHow to configure Struts framework in web xml

How to Configure Impersonation in O365 iconHow to configure sitescope dynamic jmx monitor Measurement to be...

How to Configure Impersonation in O365 iconUser shall be able to configure the Status Feed page to display events...

How to Configure Impersonation in O365 iconSap table Reader This connector is used only to read data from sap...

How to Configure Impersonation in O365 iconAbstract: In this hands-on, you create a dynamic adf region and configure...

How to Configure Impersonation in O365 iconAbstract: In this hands-on, you create a dynamic adf region and configure...




forms and shapes


When copying material provide a link © 2017
contacts
filling-form.info
search