Why can't assign the applicationimpersonation in exchange 2010?

This is using MS Exchange Server 2010 with SP1, in MS Windows 2008 r2-based AD Domain. We want to assign the role - applicationimpersonation to a service account. Please see steps (powershell) we conducted as follows:

    a.  type - get-managementrole -roletype applicationimpersonation

         result: <blank>

   b. type - new-managementscope -name resourcemailboxes -recipientrestrictedfilter: recipientfilter

       result: no problem

   c. type - new-managementroleassignment -name resourcesimpersonation -role applicationimpersonation -user <service account>  -customrecipientwritescope resourcemailboxes

      result: error - The "applicationimpersonation" management role can't be found. Check the role entry name, and try again.

What's missing. Does this applicationimpersonation does not exist?
LVL 1
MichaelBalackAsked:
Who is Participating?
 
MichaelBalackAuthor Commented:
Hi all,

Think there are few missing objects in Exchange Powershell for Exchange 2010. After applying the following 3 commands,

Add-pssnapin Microsoft*  
 Install-CannedRbacRoles  
 Install-CannedRbacRoleAssignments  

Close and then re-open the Exchange Powershell, wow... the new-managementroleassignment with role - applicationimpersonation can be applied without problem.
0
 
MichaelBalackAuthor Commented:
There is a article to suggest to upgrade the Exchange Schema

In order to check ApplicationLmpersonation in AD, we could refer to the following steps to check:

    Run “ADsiedit” in Run;
    Navigate to Configuration[domainname]>service>Microsoft Exchange>domain name>RBAC>Roles;
    Check if ApplicationImpersonation is in this OU.

If we didn’t find ApplicationImpersonation, we could upgrade AD schema  and prepare AD domain

I checked, and this applicationimpersonation does not exist.
0
 
Todd NelsonSystems EngineerCommented:
If you run "get-managementrole" from the Exchange Management Shell, do you see ApplicationImpersonation in the listed role types?  If not, it sounds like the user you are logged into the Exchange server with is not a member of the "Organization Management" domain group.

On another note, why are you still running Exchange 2010 with SP1?  Exchange 2010 SP1 hasn't been supported since the beginning of 2013.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
MichaelBalackAuthor Commented:
Hi Todd,

Yes, application Impersonation is there.

Now is upgraded to SP3.
0
 
MichaelBalackAuthor Commented:
However, when try to run the new-mangementroleassignment, look like no permissions to do it as attached.
Impersonation.JPG
0
 
Todd NelsonSystems EngineerCommented:
How odd.  Never experienced that before.  Thanks for sharing your resolution.
0
 
MichaelBalackAuthor Commented:
By applying the 3 powershell commands, applicationimpersonation is working
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.