Applying Application Impersonation permissions for the Sent Items Update account

Abstract

You wish to use the Sent Items Update options, but have been unable to run the scripts in the configuration wizard or would like to apply the permissions manually. Specific permissions for the Exclaimer Mail Archiver Exchange Mailbox Access account are required to import emails from Exchange and to use the “Restore to mailbox" feature.

Description

The permissions required vary depending on the version of Microsoft® Exchange your mailbox server is using:

• Microsoft® Exchange 2003 and Microsoft® Windows® Small Business Server 2003.
• Microsoft® Exchange 2007 and Microsoft® Windows® Small Business Server 2008.
• Microsoft® Exchange 2010, Microsoft® Exchange 2013, Microsoft® Exchange 2016 and Microsoft® Windows® Small Business Server 2011.

Please follow the steps in the appropriate subsequent section to setup the correct permissions.

Microsoft® Exchange 2003 and Microsoft® Windows® Small Business Server 2003

The user account used must have the 'Exchange Administrator' role. To achieve this, please follow these steps on a Microsoft® Exchange server in your organization:

1. Click Start, click All Programs, click Microsoft Exchange, and then click System Manager:
   
   


2. Right-click the organization or the Administrative Group where you want to delegate administrative permissions, and then click Delegate control:
   
   


3. The Exchange Administration Delegation Wizard starts, click Next.
4. On the Users or Groups page, click Add.
5. In the Delegate Control dialog box, click Browse.
6. In the Select Users, Computers, or Groups dialog box, click the appropriate location in the Look in box and click the name of the user that you wish to use:
   
   


7. Under Role in the Delegate Control dialog box, choose 'Exchange Administrator' and then click OK:
   
   


8. The user that you added appears in the Users and Groups list.
9. Click Next, and then click Finish.
10. The user account you wish to use now has the required permission.

Note: If you have multiple Administrative Groups you will need to repeat the steps above for each Administrative Group.

Microsoft® Exchange 2007 and Microsoft® Windows® Small Business Server 2008

The user account used must have the 'Store Admin' permission. To achieve this, please follow these steps:

1. Click Start, click All Programs, click Microsoft Exchange Server 2007, and then click Exchange Management Shell:
   
   


2. A black PowerShell window will appear. Enter the following command and press ENTER:
   
   Get-MailboxDatabase | Add-ADPermission -User <Username here> -AccessRights ExtendedRight -ExtendedRights ms-Exch-Store-Admin
   (Replacing with the user account you wish to use.)
   


3. The user account you wish to use now has the required permission.

Microsoft® Exchange 2010, Microsoft® Exchange 2013, Microsoft® Exchange 2016 and Microsoft® Windows® Small Business Server 2011

1. Click Start, click All Programs, click Microsoft Exchange Server 2010/2013, and then click Exchange Management Shell:
   
   


2. A black PowerShell window will appear. Enter the following command and press ENTER:
   
   Get-MailboxDatabase | Add-ADPermission -User <Username here> -AccessRights ExtendedRight -ExtendedRights ms-Exch-Store-Admin
   (Replacing with the user account you wish to use.)
   


3. Enter the following command and press ENTER:
   
   $ExchangeServer = Get-ExchangeServer | where {$_.IsClientAccessServer -eq $true} | where {$_.IsValid -eq $true} | where {$_.IsExchange2007OrLater -eq $true} | where { $_.AdminDisplayVersion.Major -ge 14 }
4. Enter the following command and press ENTER:
   
   $ExchangeServer | ForEach-Object { New-ManagementRoleAssignment -Role ApplicationImpersonation -User (Get-User -Identity "<Username here>" | select-object).identity }
   (Replacing with the user account you wish to use.)
   


5. Close the PowerShell window.
6. The user account you wish to use now has the required permission