Avatar of MichaelBalack
MichaelBalackFlag for Singapore

asked on 

Why can't assign the applicationimpersonation in exchange 2010?

This is using MS Exchange Server 2010 with SP1, in MS Windows 2008 r2-based AD Domain. We want to assign the role - applicationimpersonation to a service account. Please see steps (powershell) we conducted as follows:

    a.  type - get-managementrole -roletype applicationimpersonation

         result: <blank>

   b. type - new-managementscope -name resourcemailboxes -recipientrestrictedfilter: recipientfilter

       result: no problem

   c. type - new-managementroleassignment -name resourcesimpersonation -role applicationimpersonation -user <service account>  -customrecipientwritescope resourcemailboxes

      result: error - The "applicationimpersonation" management role can't be found. Check the role entry name, and try again.

What's missing. Does this applicationimpersonation does not exist?
PowershellExchangeWindows OS

Avatar of undefined
Last Comment
MichaelBalack
Avatar of MichaelBalack
MichaelBalack
Flag of Singapore image

ASKER

There is a article to suggest to upgrade the Exchange Schema

In order to check ApplicationLmpersonation in AD, we could refer to the following steps to check:

    Run “ADsiedit” in Run;
    Navigate to Configuration[domainname]>service>Microsoft Exchange>domain name>RBAC>Roles;
    Check if ApplicationImpersonation is in this OU.

If we didn’t find ApplicationImpersonation, we could upgrade AD schema  and prepare AD domain

I checked, and this applicationimpersonation does not exist.
Avatar of Todd Nelson
Todd Nelson
Flag of United States of America image

If you run "get-managementrole" from the Exchange Management Shell, do you see ApplicationImpersonation in the listed role types?  If not, it sounds like the user you are logged into the Exchange server with is not a member of the "Organization Management" domain group.

On another note, why are you still running Exchange 2010 with SP1?  Exchange 2010 SP1 hasn't been supported since the beginning of 2013.
Avatar of MichaelBalack
MichaelBalack
Flag of Singapore image

ASKER

Hi Todd,

Yes, application Impersonation is there.

Now is upgraded to SP3.
Avatar of MichaelBalack
MichaelBalack
Flag of Singapore image

ASKER

However, when try to run the new-mangementroleassignment, look like no permissions to do it as attached.
Impersonation.JPG
ASKER CERTIFIED SOLUTION
Avatar of MichaelBalack
MichaelBalack
Flag of Singapore image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of Todd Nelson
Todd Nelson
Flag of United States of America image

How odd.  Never experienced that before.  Thanks for sharing your resolution.
Avatar of MichaelBalack
MichaelBalack
Flag of Singapore image

ASKER

By applying the 3 powershell commands, applicationimpersonation is working
Exchange
Exchange

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.

213K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo