I was asked to restore a users mailbox recently in Veeam, to do this we use the Veeam Exchange Explorer, I go through how to restore in the guide here.

On this occasion when I set the restore of the mailbox away I was greeted with the following error.

The user I was logged in as did not have the correct permissions to impersonate the user who needed their mailbox restoring. We need to give the account rights to do so, here is how.

Configuring Impersonation For Applications Via EAC

We discussed in an earlier article how to create roles in Exchange 2013 , here we create a role to allow our user to impersonate. Launch the EAC and browse to permissions > Admin roles. Click the “+” sign to add a new role.

Once done we need to create the role with the following specifications – see the image below.

• Name: User Impersonate.
• Discription: Allows this user to impersonate other user when restoring mailboxes.
• Write Scope: Default.
• Roles: Add the Role name “ApplicationImpersonation”.
• Members: Add the User “The User you would like to use”.

Once done save your changes and allow a few moments for the settings to replicate. You will now be able to restore your Exchange mailbox items in Veeam.

Configuring Impersonation For Applications Via Power Shell

We can also do the above Via Power shell, the commands are seen below.

New-ManagementRoleAssignment -Name:VeeamUserImpersonisation -Role:ApplicationImpersonation -User:Your_User_Account

To remove the permissions we run the following command.

Get-ManagementRoleAssignment | Where {$_.Role -eq “ApplicationImpersonation” -and $_.RoleAssigneeName -eq “Your_User_Account“} | Remove-ManagementRoleAssignment

Tags: ApplicationImpersonisation, Backup

• Next
• Prev