Applies to versions 8.1 and above; Author: Paweł Jawień
Configuring Exchange permissions for a user account that will modify other users’ Exchange server folders (e.g.: making entries into the calendar).
In order to implement an action that will be able to make entries in mailbox folders, the user account in the context of which the action is executed (i.e. the credentials which the action will use) will need to be assigned the following role: ApplicationImpersonation.
Roles can be assigned to users via Exchange Powershell or the ECP console.
Recommended method (Exchange 2013 – ECP console).
To more easily manage users assigned to the ApplicationImpersonation role, it is recommended to open the ECP console in the “Permissions” section of additional admin roles.
Add a new role, e.g.: “Impersonation”
In the “Organizational unit” menu it is possible to limit the role of the configured user account to a specific organizational unit of the Active Directory.
In the “Roles” table, add “ApplicationImpersonation”
In the “Members” table, add the user accounts which will be used to make entries in mailbox folders.
This group can be managed via the ECP console, as well as the Active Directory console.
The above configuration can also be carried out from Exchange Shell level, using the following command: New-ManagementRoleAssigment.
New-ManagementRoleAssignment –Name:impersonation –Role:ApplicationImpersonation –User:demo_BPS