If impersonation is not enabled when using an admin account on Office 365 or exchange you will receive the error: The account does not have permission to impersonate the requested user.

This article explains how to enable impersonation on Office 365 and Microsoft Exchange.

Please seek your system Administrators permission before running these scripts.

Office 365

Please run the following two powershell commands to enable impersonation.

  • Click on the Windows Start button
  • Now search for windows power shell. If you can't find it then you will need to install it.
  • Right click on  PowerShell and run it as administrator . This is important or the commands will fail.
  • Run the commands below, one at a time.

Set-ExecutionPolicy Unrestricted 

$LiveCred = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

Import-PSSession $Session


New-ManagementRoleAssignment -Role "ApplicationImpersonation" -User <AdminAccountNameHere>


Replace <AdminAccountNameHere> with the admin account name you plan to use.

The "enable-OrganizationCustomization" command may take quite a while to run.

Ignore  "This operation is not available in current service offer."  errors

Exchange 2010,2013 and 2016

Please run the following powershell command to enable impersonation.

New-ManagementRoleAssignment -Role ApplicationImpersonation -User <AdminAccountNameHere>

Replacing <AdminAccountNameHere> with the admin account name you plan to use.

Please note: Impersonation is not supported for Office 365 Small Business Plans

Exchange 2007

Please run the scripts below from the server using the Exchange Management Shell,

Get-ExchangeServer | Add-ADPermission -User <AdminAccountNameHere> -extendedRights ms-Exch-EPI-Impersonation -InheritanceType none

Get-MailboxDatabase | Add-ADPermission -User <AdminAccountNameHere> -extendedRights ms-Exch-EPI-May-Impersonate -InheritanceType none

Replacing <AdminAccountNameHere> with the admin account..