If impersonation is not enabled when using an admin account on Office 365 or exchange you will receive the error: The account does not have permission to impersonate the requested user.


This article explains how to enable impersonation on Office 365 and Microsoft Exchange.


Please seek your system Administrators permission before running these scripts.


Office 365


Please run the following two powershell commands to enable impersonation.


  • Click on the Windows Start button
  • Now search for windows power shell. If you can't find it then you will need to install it.
  • Right click on  PowerShell and run it as administrator . This is important or the commands will fail.
  • Run the commands below, one at a time.


Set-ExecutionPolicy Unrestricted 


$LiveCred = Get-Credential


$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection


Import-PSSession $Session


Enable-OrganizationCustomization


New-ManagementRoleAssignment -Role "ApplicationImpersonation" -User <AdminAccountNameHere>


Notes:-


Replace <AdminAccountNameHere> with the admin account name you plan to use.

The "enable-OrganizationCustomization" command may take quite a while to run.

Ignore  "This operation is not available in current service offer."  errors




Exchange 2010,2013 and 2016


Please run the following powershell command to enable impersonation.



New-ManagementRoleAssignment -Role ApplicationImpersonation -User <AdminAccountNameHere>



Replacing <AdminAccountNameHere> with the admin account name you plan to use.



Please note: Impersonation is not supported for Office 365 Small Business Plans



Exchange 2007



Please run the scripts below from the server using the Exchange Management Shell,


Get-ExchangeServer | Add-ADPermission -User <AdminAccountNameHere> -extendedRights ms-Exch-EPI-Impersonation -InheritanceType none


Get-MailboxDatabase | Add-ADPermission -User <AdminAccountNameHere> -extendedRights ms-Exch-EPI-May-Impersonate -InheritanceType none


Replacing <AdminAccountNameHere> with the admin account..