This is using MS Exchange Server 2010 with SP1, in an MS Windows 2008 R2-based AD domain. We want to assign the role applicationimpersonation to a service account. Please see the steps (PowerShell) we conducted, as follows:
a. type - get-managementrole -roletype applicationimpersonation
result: <blank>
b. type - new-managementscope -name resourcemailboxes -recipientrestrictedfilter: recipientfilter
result: no problem
c. type - new-managementroleassignment -name resourcesimpersonation -role applicationimpersonation -user <service account> -customrecipientwritescope resourcemailboxes
result: error - The "applicationimpersonation" management role can't be found. Check the role entry name, and try again.
What's missing? Does this applicationimpersonation not exist?
ASKER
In order to check ApplicationImpersonation in AD, we could refer to the following steps to check:
Run “ADsiedit” in Run;
Navigate to Configuration[domainname]>
Check if ApplicationImpersonation is in this OU.
If we didn’t find ApplicationImpersonation, we could upgrade AD schema and prepare AD domain.
I checked, and this applicationimpersonation does not exist.
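Steps a to c from the question, combined into one guarded function for the Exchange Management Shell. This is an added example, not code from the thread: it stops early when the role lookup comes back blank, and otherwise limits impersonation to the scoped mailboxes. The function name, the service account value and the recipient filter (room and equipment mailboxes) are assumptions; the scope and assignment names are the ones used in the question.

```powershell
# Added example. Run in the Exchange Management Shell with Organization Management rights.
function Grant-ScopedImpersonation {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$ServiceAccount,
        [string]$ScopeName      = 'resourcemailboxes',
        [string]$AssignmentName = 'resourcesimpersonation',
        # Assumption: "resource mailboxes" means room and equipment mailboxes.
        [string]$Filter = "RecipientTypeDetails -eq 'RoomMailbox' -or RecipientTypeDetails -eq 'EquipmentMailbox'"
    )

    # Step a: confirm the built-in role exists before doing anything else.
    $role = Get-ManagementRole -RoleType ApplicationImpersonation -ErrorAction SilentlyContinue
    if (-not $role) {
        Write-Warning 'No ApplicationImpersonation role found. The RBAC objects are missing from AD; creating a scope or assignment will not help until that is fixed.'
        return $false
    }

    # Step b: create the recipient scope only if it is not already there.
    if (-not (Get-ManagementScope -Identity $ScopeName -ErrorAction SilentlyContinue)) {
        New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter $Filter | Out-Null
    }

    # Step c: bind role + scope to the service account.
    # Without -CustomRecipientWriteScope the account could impersonate every mailbox.
    if (-not (Get-ManagementRoleAssignment -Identity $AssignmentName -ErrorAction SilentlyContinue)) {
        New-ManagementRoleAssignment -Name $AssignmentName `
            -Role $role.Name `
            -User $ServiceAccount `
            -CustomRecipientWriteScope $ScopeName | Out-Null
    }

    # Review who holds the role and under which scope; an empty scope column
    # means an unscoped (organization-wide) assignment.
    Get-ManagementRoleAssignment -Role $role.Name |
        Format-Table Name, RoleAssigneeName, CustomRecipientWriteScope -AutoSize | Out-Host
    return $true
}

# Placeholder account (constructed value, replace with the real service account).
Grant-ScopedImpersonation -ServiceAccount 'EXAMPLE\svc-placeholder'
```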