Hi, I am trying to configure exchange impersonation using the command - Add-ADPermission -Identity (get-exchangeserver -Identity MyServer).DistinguishedName -User (Get-User -IdentityMyUser | select-object).identity -extendedRight ms-Exch-EPI-Impersonation When I run this I am getting this error: You do not have permissions to read the security descriptor on CN=MyServer,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=AB,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=MyDomain,DC=com.At line:1 char:1+ A <<<< dd-ADPermission -Identity (get-exchangeserver -Identity sdpdem).DistinguishedName -User (Get-User -Identity conf | select-object).identity -extendedRight ms-Exch-EPI-Impersonation I have logged in as Administrator and I was able to run this command successfully once before. All of a sudden it has started giving this error. What could be the problem? Please help. Thanks.

Make sure that account you are using is a member of local admin group of your Exchange 2007 client access server and a member of domain admin group.

Yes. The logged in account "Administrator" is a member of local admin group and domain admin gruop. The mailbox I am trying to configure impersonation is a normal domain user. Am I missing something here? Thanks.

Hi, As Exchange Impersonation is a development concept, I guess youd better put your post on our development forum: http://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=838&SiteID=17 Here are prerequisites for running this: Administrative credentials for the computer that is running Exchange 2007 that has the Client Access server role installed Domain Administrator credentials For more information: http://msdn.microsoft.com/en-us/library/bb204095(EXCHG.80).aspx Thanks, Elvis

Hi, Thanks for replying. I'll post my query in the dev forum. FYI, the account that is running is "Administrator" and is a memebr of the following groups: 1. Administrators 2. Domain Admins 3. Domain Users 4. Enterprise Admins 5. Exchange Organization Administrators 6. Group Policy Creator Owners 7. Schema Admins 8. Windows-Authorization-Access-Group The Exhange Server that is running is a 32-bit trial version. Thanks, Poornima