In the documentation for the Exchange 3.0 RC connector, it describes how to configure Exchange to allow the workflow-account to use impersonation with two PowerShell commands.
However, due to a type-o in the documentation, the same command is written twice:
Add-ADPermission -Identity “<identity>” -User <domain>\<username> -extendedRight ms-Exch-EPI-May-Impersonate
Add-ADPermission -Identity “<identity>” -User <domain>\<username> -extendedRight ms-Exch-EPI-May-Impersonate
The command that is missing is the one that enables the impersonation function on the Exchange CAS-server(s). So you first need to enable it on the serverobject, and then on the specific mailbox.
The two correct command that needs to be run are these:
User1= Workflow-account userid in SCSM
User2=Mailbox account
- Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | ForEach-Object {Add-ADPermission -Identity $_.distinguishedname -User (Get-User -Identity User1 | select-object).identity -extendedRight ms-Exch-EPI-Impersonation}
- Add-ADPermission -Identity “User2 Fullname” -UserĀ User1 -extendedRight ms-Exch-EPI-May-Impersonate
