Environment
Retain 3.x Exchange Module
Situation
The logs say that the user does not have rights to access the email box.
Resolution
The [impersonationUserName] is the impersonation user Retain uses to access Exchange mailboxes.
To check the impersonation account, run this command in Exchange Management Shell:
Get-ManagementRoleAssignment -RoleAssignee "[impersonationUserName]" -Role ApplicationImpersonation -RoleAssigneeType user
If the command line returns without any output then the user does not have rights.
To get a list of all the rights the impersonation account has:
Get-ManagementRoleAssignment -RoleAssignee "[impersonationUserName]"
To remove ApplicationImpersonation rights from a user you can use this command.
Get-ManagementRoleAssignment -RoleAssignee "[impersonationUserName]" -Role ApplicationImpersonation -RoleAssigneeType user | Remove-ManagementRoleAssignment
If you wish to create a new Impersonation Account user. Create a new user in Exchange and run the PowerShell script :
Give the Role a name [ImpersonationAssignmentName]
New-ManagementRoleAssignment –Name [ImpersonationAssignmentName] –Role ApplicationImpersonation –User
"[impersonationUserName]"
Note: The Impersonation User cannot have Administrator rights. That is a MS built-in security measure.
Additional Information
This article was originally published in the GWAVA knowledgebase as article ID 2362.