Fixing The account does not have permission to impersonate the requested user permissions error
Quite a few times recently students on Veeam Certified Engineer (VMCE) course has asked me how they can fix the error The account does not have permission to impersonate the requested user which might occur when trying to restore an e-mail to its original location.
First lets talk about what Veeam Explorer for Exchange does. It is a tool for restoring single items from your Exchange server from your Veeam backups.
It has an easy to use Explorer like interface – I would say almost anyone could use this without any experience.
“Unfortunately” you might see the below error message when restoring mail(s) another users mailbox. This is due to Exchange permissions which has changed much throughout version increments.
The account does not have permission to impersonate the requested user
For newer versions of Exchange (2010 in the blog post) this is due to missing permissions.
These permissions need to be assigned to the user performing the restore to the user where you are restoring the e-mail(s) back to.
It could however be interesting to resolve this for all current and future users!
Fortunately we can do that quite easily using Powershell.
If you are not sure which mailbox databases you have you can use:
In this example we will assign the account Administrator the necessary permissions:
Get-MailboxDatabase -identity “Mailbox Database 0815629221” | Add-ADPermission -user Administrator -AccessRights GenericAll
Now you are perhaps thinking ok ok great for your homelab Rasmus, but I have a gazillion mailbox databases.
No problem you could just drop the identity part and process ALL mailbox databases:
If this was useful PLEASE post a comment J