It is possible to restore data to someone else’s mailbox using Exchange Impersonation. To do this, the current user credentials must have Exchange Impersonation access to the destination mailbox. Exchange Impersonation allows the user account that is being used to perform a mail restore, to access the destination mailbox by impersonating the mailbox owner's access.
The sections below show how to give the account performing a restore access to all mailboxes on the Exchange Server, so that mail items can be restored to any mailbox.
Configuring Exchange 2010 and later
Follow the steps below to enable Exchange Impersonation:
- Open the Exchange Management Shell.
- Run the following command in the Exchange Management Shell's command prompt. New-ManagementRoleAssignment -Name:impersonationAssignmentName -Role:ApplicationImpersonation -User:serviceAccount
The variable (username) is the user you're running as when attempting to connect to another mailbox. E.g. If you're logged in as a user name 'John' then the variable would be replaced with John.
For more information see the MSDN article http://msdn.microsoft.com/en-us/library/bb204095.aspx
Configuring Exchange 2007
Follow the steps below to enable Exchange Impersonation:
- Open the Exchange Management Shell.
- Run the following commands in the Exchange Management Shell's command prompt. Get-MailboxDatabase | ForEach-Object {Add-ADPermission -Identity $_.DistinguishedName -User -ExtendedRights ms-Exch-EPI-May-Impersonate}Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | ForEach-Object {Add-ADPermission -Identity $_.distinguishedname -User (Get-User -Identity | select-object).identity -extendedRight ms-Exch-EPI-Impersonation}
For more information see the MSDN article https://msdn.microsoft.com/en-us/library/bb204095(v=exchg.80).aspx
Note: The user account is displayed in the Restore to the Original Location window as Current user: domain \ username
To learn about Exchange Impersonation vs. Delegate Access, see the Microsoft MSDN Impersonation article.