Try changing your group to a universal security group.

Hello all ! I would like to configure impersonation to development needs. I'm using Exchange SP2 Rollup 4 x64. My users are in a global security group "group1", in an OU "ou1". I would like the user "master.user" can impersonate the members of group "group1" I'm trying the following: (with real values) New-ManagementScope -Name "scope1" -RecipientRestrictionFilter { MemberOfGroup -eq "CN=group1,OU=Groups,CN=contoso,CN=com" } New-ManagementRoleAssignment -Name "role1" -Role:ApplicationImpersonation -User:master.user -CustomRecipientWriteScope "scope1" But nothing, I get the unauthorized to impersonate error. It works when I use the filter LastName with one of the member, so, it's the MemberOfGroup condition which fails. I've also tried with New-ManagementScope -Name "scope1" -RecipientRestrictionFilter { MemberOfGroup -eq "OU=ou1,CN=contoso,CN=com" } Thanks by advance

Try changing your group to a universal security group.