Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1057
  • Last Modified:

Issue with Impersonation in Exchange Server 2010

Hi Everyone,

I'm trying to use impersonation in my application to connect to user mailboxes and add/remove appointments.

I created an account called "EWSAdmin" and ran the following EMS commands on them:

New-ManagementScope -Name:"MyEWSImpersonation" -RecipientRestrictionFilter {memberofgroup -eq "cn=My User Container,DC=MyDomain,DC=local"}

New-ManagementRoleAssignment -Name:"MyEWSImpersonation" -Role:ApplicationImpersonation -User:"EWSAdmin@MyDomain.local" -CustomRecipientWriteScope:"MyEWSImpersonation"

 Just to confuse the issue, I called my scope EWSImpersonation, too.

When I try to connect to the user's mailbox to view an appointment (Using a third party DLL), I get the following error:

Throwing GeneralException e=The account does not have permission to
impersonate the requested user.

 If anybody could help me diagnose this, I'd appreciate it.


1 Solution
Chris PattersonSenior Systems EngineerCommented:
The objects you with to impersonate are not currently under the scope (i.e. managed) you have created.  See the following link for a good explination of the management role scopes:


If you grant the EWSAdmin account explicit permissions to the selected mailoxes, you would able to add/remove appointments.

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now