Impersonation Permissions in Exchange 2010+
Manually configure impersonation when automatic setup fails.
Overview
Impersonation access allows Cloudiway to retrieve mailbox data on behalf of users during Exchange to Microsoft 365 migrations. This is essential for the migration account to access all user mailboxes.
Automatic vs Manual Setup
Cloudiway typically configures impersonation automatically if the connector account has Exchange administrator privileges. Manual setup is only needed when automatic configuration fails.
How Impersonation Works
When Manual Setup is Needed
Manual Configuration Required When:
The migration account lacks Exchange administrator privileges
Automatic setup failed during connector configuration
Security policies prevent automatic role assignment
Setup Steps
Exchange Management Shell Command
Run the following PowerShell command in the Exchange Management Shell to grant impersonation permissions:
New-ManagementRoleAssignment –Name "Impersonation MAAS" `
–Role "ApplicationImpersonation" `
–User "yourdelegateduser" Parameters Explained
- -Name: A friendly name for this role assignment (can be any descriptive name)
- -Role: Must be "ApplicationImpersonation" - this grants the impersonation capability
- -User: Replace with the actual account name defined in your Cloudiway connector
Replace the Username
yourdelegateduser with the actual username
of the migration account you configured in the Cloudiway source connector.
Example
If your migration account is migrationadmin@contoso.com:
New-ManagementRoleAssignment –Name "Impersonation MAAS" `
–Role "ApplicationImpersonation" `
–User "migrationadmin@contoso.com" After Configuration
Once the impersonation permissions are configured:
- ✓ Return to Cloudiway and test the connector
- ✓ The migration account can now access all user mailboxes
- ✓ Proceed with user list creation and migration