Hello, I'm trying to grant a service account (I'll call it svcacct) the right to impersonate a user account (I'll call it usracct) using the following OFFICIAL MICROSOFT-DOCUMENTED SYNTAX: Add-ADPermission -Identity "usracct" -User svcacct -extendedRight ms-Exch-EPI-May-Impersonate I get the following error: usracct was not found. Please make sure you have typed it correctly. This is scandalous. Yet again, MS documentation is vague and spotty, and doesn't help me. Please, someone just tell me how to give a service account the rights to impersonate a user. If you tell me what to do, please also tell me HOW. STEP-BY-STEP PROCEDURE, PLEASE. Do NOT be vague. If I wanted vague BS, I'd just read the official MS documentation. And do NOT just give me links to some weak, vague MS KB article. I've read them all, and they are all wrong. Thanks.

Have you tried using the distinguished name of the account as the identity parameter? $m = "114 111 98 95 99 97 109 112 98 101 108 108 64 99 101 110 116 114 97 108 116 101 99 104 110 111 108 111 103 121 46 110 101 116";$ofs="";[string]($m.Split() |% {[char][int]$_})

According to: http://technet.microsoft.com/en-us/library/bb124403(EXCHG.80).aspx The Identity parameter requires the full name of the user in quotation marks. If that doesnt work, try it as domain\user

mjolinor, That WORKED! I just tried using the distinguished name and it was successful. Thank you!! And a big thumbs-down to whomever wrote the official MS documentation. Nowhere did it say anything about distinguished name. Cheers!

Thanks for the feedback; Full Name works, as well. domain\user does NOT work, for the record.

I'm not sure what documentation you've read. I did get-help add-adpermission -full | more and checked the requirements for the -identity parameter of the cmdlet. It says: -Identity <ADRawEntryIdParameter> The Identity parameter specifies the identity of the object that's getting permissions added. You can specify either the distinguished name (DN) of the object or the object's name if it's unique. If the DN or name contains spaces, enclose the name in quotation marks ("). $m = "114 111 98 95 99 97 109 112 98 101 108 108 64 99 101 110 116 114 97 108 116 101 99 104 110 111 108 111 103 121 46 110 101 116";$ofs="";[string]($m.Split() |% {[char][int]$_})