Exchange Impersonation


Before creating an Exchange Connection, it is necessary to create an account in Exchange with full impersonate rights. This impersonation account is needed for the purposes of data import and synchronization.

 

Microsoft Exchange 2013/2016

 

Prerequisites:  Ensure that the Exchange server is assigned Client Access Role
 

MailArchiva integrates with Microsoft Exchange 2013 via the web services API.
 

  1. Login to Exchange 2013 Control Panel as Administrator
  2. Create a new mailbox called ‘journal’ in Microsoft Exchange or use an existing one that does not already have any Admin privileges assigned.
  3. Open the Exchange Management Shell
  4. Run the New-ManagementRoleAssignment cmdlet

To enable the ‘journal’ account to access all mailboxes, enter the following command:
 

New-ManagementRoleAssignment -Name:MailArchivaImpersonation -Role:ApplicationImpersonation -User:journal

 

To prevent Microsoft Exchange from throttling MailArchiva requests:
 

New-ThrottlingPolicy -Name mailarchiva -RCAMaxConcurrency $null -EWSMaxConcurrency $null -EWSMaxSubscriptions $null -EwsCutoffBalance $null -EwsMaxBurst $null -EwsRechargeRate $null -CPAMaxConcurrency $null
$b = Get-ThrottlingPolicy mailarchiva;
Set-Mailbox -Identity journal -ThrottlingPolicy $b;

 

Microsoft Exchange 2010

 

Prerequisites:  Ensure that the Exchange server is assigned Client Access Role

 

To ensure that the Client Access Role is assigned to the Microsoft Exchange server:

 

  1. Click Start, click Control Panel, click Programs, and then click Programs and Features.
  2. Click Microsoft Exchange Server 2010, and then click Change.
  3. On the User Account Control page, click Continue.
  4. In the Exchange Maintenance Mode dialog box, click Next.
  5. In Server Role Selection, if the Client Access Role check box is shaded or selected, the role is installed. Otherwise, it is not installed.
  6. Click Cancel to close the wizard

To create the impersonation account:

 

  1. Login to Exchange 2010 server as Administrator
  2. Create a new mailbox called ‘journal’ in Microsoft Exchange or use an existing one that does not already have any Admin privileges assigned.
  3. Open the Exchange Management Shell
  4. Run the New-ManagementRoleAssignment cmdlet

 
To enable the ‘journal’ account to access all mailboxes, enter the following command:
 

New-ManagementRoleAssignment -Name:MailArchivaImpersonation -Role:ApplicationImpersonation -User:journal

 

Note: It may take ten minutes or so for the impersonation rights to be applied. Thus, if you rerun the Exchange Connection Test too soon, it may still fail with an impersonation error.

 

To prevent Microsoft Exchange from throttling MailArchiva requests:

 

New-ThrottlingPolicy -Name mailmigration -EWSFindCountLimit $null -EWSFastSearchTimeoutInSeconds $null -EWSMaxConcurrency $null -EWSMaxSubscriptions $null -EWSPercentTimeInAD $null -EWSPercentTimeInCAS $null -EWSPercentTimeInMailboxRPC $null
$b = Get-ThrottlingPolicy mailmigration;
Set-ThrottlingPolicyAssociation -Identity journal -ThrottlingPolicy $b;

 

Note: It may take ten minutes or so for the impersonation rights to be applied. Thus, if you rerun the Exchange Connection Test too soon, it may still fail with an impersonation error.


 

Microsoft Exchange 2007

 

Prerequisites:  Ensure that the Exchange server is assigned Client Access Role
 

Integration with Microsoft Exchange 2007 occurs by way of Exchange’s inbuilt web services API. This API is enabled and accessible by default. However, to perform a successful import, one needs to use an account with sufficient privileges to access all mailboxes.
 
To do this:
 

  1.  Login to Exchange 2007 server as Administrator
  2. Either create a new mailbox called ‘journal’ in Microsoft Exchange or use an existing one that does not already have any Admin privileges assigned.
  3. Run the Exchange Management Shell
  4. Type the following into the Exchange Management shell:

 

Get-ClientAccessServer | Add-AdPermission -User journal -ExtendedRights ms-Exch-EPI-Impersonation
Get-MailboxDatabase | Add-AdPermission -User journal -ExtendedRights ms-Exch-EPI-May-Impersonate

 

Note: If necessary, substitute ‘journal’ to be the chosen username of the impersonation account.

 

Note: It is also possible to use the computer account created in Active Directory for the purposes of login (as described in Logins). In this case, the mailbox name should resemble the following: “service$@smallbusiness.local”.

 

Note: It may take ten minutes or so for the impersonation rights to be applied. Thus, if you rerun the Exchange Connection Test too soon, it may still fail with an impersonation error.

 

 

Microsoft Exchange 2003


 MailArchiva integrates with Microsoft Exchange 2003 using its WebDav API. It is thus necessary to ensure that WebDav is installed and configured as described in the below steps.

 

  1. Install and Enable WebDav IIS Component

 
From Add Remove Programs in the Control Panel, click Server -> Internet Information Services -> World Wide Web Service -> WebDAV Publishing, and ensure that WebDav Publishing is installed.



Once the Web Dav component is installed, ensure that it is allowed in the IIS Manager.

 

  1.  Grant A User Full Mailbox Rights

 
MailArchiva requires an account with sufficient privileges to read from all mailboxes in Microsoft Exchange.
 
a) Create a new mailbox called “journal” in Microsoft Exchange or use an existing one that does not already have any Admin privileges assigned.
 
b) On the server running Microsoft Exchange 2003, Start 'Exchange System Manager'.

c) Open the server object within the appropriate Administrative Group. Expand the server object. Expand the appropriate 'Storage Group'. Locate the required mailbox store, right-click and choose the 'Properties' option.


 
d) On the 'Properties' window click the 'Security' tab.

e) Click 'Add' and then click on the Active Directory service account click 'OK'.

f) Ensure that the ‘journal’ account is selected in the 'Name' box.

g) On the 'Permissions' list, click 'Allow' next to 'Full Control' and then click 'OK'.



h) Click 'Ok' to finish

Was this information helpful?
© 2005 - 2024 ProProfs

Found this information useful? Visit mailarchiva.com to learn more about MailArchiva.

-