Setting up Application Impersonation is only required if you are migrating to/from Microsoft Exchange Server. Microsoft 365 uses Modern Authentication which does not require Application Impersonation.
Application Impersonation can be used by the CloudM Migrate to impersonate users so knowledge of their credentials is not required. In order to setup Application Impersonation using PowerShell, the following steps should be carried out.
If migrating users to or from BPOS or some hosted Exchange systems, then it is not possible to setup Application Impersonation and eitherdelegated access or the users' passwords must be used for the migration.
To apply the Application Impersonation role to your admin account, run the following command in a PowerShell session on your Exchange server. Replace ADMIN
with the email address of your admin user.
New-ManagementRoleAssignment –Name "CloudMMigrateImpersonation" –Role "ApplicationImpersonation" –User ADMIN
Enabling Basic Authentication
It often useful to enable Basic authentication for the Exchange Web Services endpoint, as to use Ntlm you must be logged into the workstation running the migration tool as the migration admin user. Run the following to enable Basic authentication, replacing the name of the site if required.
Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -BasicAuthentication $true
Exchange 2007
- Start the Exchange PowerShell Console
- Run the following commands in the PowerShell session, replacing the admin email with the email address of the user you will use to perform migrations
Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | ForEach-Object {Add-ADPermission -Identity $_.distinguishedname -User (Get-User -Identity ADMIN_EMAIL | select-object).identity -extendedRight ms-Exch-EPI-Impersonation} Get-MailboxDatabase | ForEach-Object {Add-ADPermission -Identity $_.DistinguishedName -User ADMIN_EMAIL -ExtendedRights ms-Exch-EPI-May-Impersonate}