Impersonate Rights in Multi Tenant Environment

Hi,

we have an exchange 2013 multi tenant system running.

some customers asks now for impersonation rights assigned to a user for PBX systems to query the contacts folders.

is it possible to assign impersonationrights to a user, but this user should only allowed to query a set of users with the impersonation rights?

So, a user in Company1 should only query Company1 Users...

March 2nd, 2015 7:29pm
Hi,

You can use the following cmdlets to configure impersonation in a multi-tenant environment.

New-ManagementScope -PartnerDelegatedTenantRestrictionFilter {Name -eq '*'} -Name xxx
New-ManagementRole -Parent PartnerDelegatedTenantManagement -Name xxx
New-ManagementRoleAssignment -Role xxx -User xxx -CustomConfigWriteScope xxx

Hope this can be helpful to you.

Best regards,

If you have feedback for TechNet Subscriber Support, contact tnmff@mic
Free Windows Admin Tool Kit Click here and download it now
March 3rd, 2015 11:09am

hi,

thanks for your reply.

With the command

New-ManagementScope -PartnerDelegatedTenantRestrictionFilter {Name -eq '*'} -Name xxx

i'll defince the search scope, right? Can i define the filter OU Based? That the Filter can only search in out ou=company1,dc=site,dc=local ?

March 3rd, 2015 3:44pm

Hi,

You can use Set-AdServerSettings -RecipientViewRoot

https://technet.microsoft.com/zh-cn/library/dd298063(v=exchg.150).aspx

Thanks,

Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

Free Windows Admin Tool Kit Click here and download it now
March 4th, 2015 9:39pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics