Introduction - Crestron Electronics



How to Configure Impersonation in O365IntroductionImpersonation is a feature in Microsoft Exchange that allows a caller or application to impersonate an account. The caller or application is allowed to operate as if it is the impersonated account giving it the same rights to the account as the owner.Impersonation is available starting with Exchange 2013 and newer and Office 365. In order to assign permissions these versions use role-based access control (RBAC). The Exchange administrator will need to grant the service account the ApplicationImpersonation role by using the New-ManagementRoleAssignment cmdlet in PowerShell.Configure to ApplicationImpersonation roleThe following role parameters can be configured using the New-ManagementRoleAssignment cmdlet.Name – This is the friendly name of the role assignment. Any time a role is assigned it is added to the RBAC role list. To verify role assignments use the Get-ManagementRoleAssignment cmdlet.Role – This is the actual role that is assigned. For example, when setting up impersonation for an account you will assign the role of ApplicationImpersonation.User – This is the account name that will be assigned the new role. Continuing the example above this would be the service account.CustomRecipientScope – This defines the scope of users or accounts that can be impersonated by the account being granted impersonation. In the example previous mentioned, this would be the service account. If no scope is assigned specifically, the account is granted impersonation to all users in the organization. To create custom recipient scopes use the New-ManagementScope cmdlet.In order to configure impersonation the following is required:Administrative rights to the Exchange server.Domain Administrator rights granting the ability to create and assign roles and scopes.Exchange Management Tools. Configure impersonation for all users in the organizationOpen Exchange Management Shell. To get there go to Start > Programs.Locate the Microsoft Exchange Server application.Run the New-ManagementRoleAssignment cmdlet to grant the service account permission to impersonate. Reminder that this will give the account the ability to impersonate all users in the organization.Here is the PowerShell command:New-ManagementRoleAssignment –name:ImpersonationAssignmentName –Role:ApplicationImpersonation –User:serviceaccountConfigure impersonation for specific users or groupsOpen Exchange Management Shell. To get there go to Start > Programs.Locate the Microsoft Exchange Server application.Run the New-ManagementScope cmdlet. This is used to create a scope which the impersonation role can be assigned. You do not need to do this step if the scope already exists. Here is the PowerShell command:New-ManagementScope –Name:scopeName –RecipientRestrictionFilter:recipientFilterThe RecipientRestrictionFilter defines the members of the scope. You can use the properties of users or accounts to create the filter. Below is an example of a filter that will only find a user with the name "john."Windows PowerShellCopyName –eq "john"Run the New-ManagementRoleAssignment cmdlet to add the specified account for impersonation to the specified scope. Here is the PowerShell command:New-ManagementRoleAssignment –Name:impersonationAssignmentName –Role:ApplicationImpersonation –User:serviceAccount –CustomRecipientWriteScope:scopeName ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download