Ask a Question

Impersonation - Exchange Migration

0 votes
by (220 points)

Hi.

I'm trying to configure my application to migrate a lot of mail accounts to Office 365 using Imap Impersonation (following the post in the Rebex Forum: http://forum.rebex.net/2359/imap-impersonation-how-to-do-it?show=2359#q2359). Basically I set up my server and the mail accounts in according to the instructions in following link: http://cloudfinder.com/user-impersonation-settings-office-365/.

When I try to connect in referred account, the system trhows the error: User is authenticated but not connected (BAD). I can only connect if I sign the 'Full Access' permission on target account. Is there any configuration that can be done in my code to connect to the target account without assigning 'Full Access' permission?

Thank you!

Applies to: Rebex Secure Mail

2 Answers

+1 vote
by (148k points)
selected by
 
Best answer

Sorry for the late reply. This seems to be slightly beyond the scope of our support (it looks like a server configuration issue), but we will look into it anyway as time permits because it would be useful to know. We know for sure that impersonation works in some configurations in Exchange 2010 and later, but we are not sure about Office 365.

Alternatively, you might try using Rebex Ews object (part of Rebex Secure Mail as well) to access Office 365 - it has an API similar to the Imap object and supports impersonation as well.

0 votes
by (15.2k points)

Hi,

Here is a summary of information that we gathered from the web and from our Exchange administrator, who migrated our accounts few weeks ago. What you need to do is to allow impersonation of your service account as a malbox user. That is what you have already done following the instructions at http://cloudfinder.com/user-impersonation-settings-office-365/. In addition to this, you need to set permissions to make it possible to perform specific operations. By default, an account that has impersonation access is granted the "Send as" permission only. Additional permissions are "Send on Behalf" and "Full Access". So it seems that you indeed need to grant "Full Access" permission to your impersonating account, which is what you already mentioned. Here are some links to MSDN pages that lead us to these conclusions:

Permission list
https://technet.microsoft.com/en-us/library/jj919240(v=exchg.160).aspx

Impersonation
https://msdn.microsoft.com/en-us/library/office/dn722377(v=exchg.150).aspx

If you discover any additional information we are not yet aware of, please let us know.

...