Bize Ulaşın / Contact Us

CRM Logo

Configuring Impersonation role for a specific AD group in Dynamics CRM Exchange Server Side Sync

You need to be careful if you need to setup server-side synchronisation between Dynamics CRM and Exchange Server as you are going to use Application Impersonation role and it has really too much permissions on mailboxes. The user has this role should be handled like any other Exchange administrator role.

And I strongly recommend you to create a scope of users to limit it.

Normally running the single line command below is enough to assign ApplicationImpersonation role to the CRMImpSync user. But this will give this permission to the user on all mailboxes.

So, please create a management scope first, to do this you will need an Active Directory security group that contains all CRM users in your organisation.

In my case, I have been given the built-in CRM reporting group to define the scope.

Let’s do the configuration’ step-by-step.

1. We get Distinguished Name (DN) of the group to the $CRMUsersDN variable,

You can create an AD security group for your CRM users and use that to create the management scope as well.

2. We create a management scope named CRMImpScope by using the DN information of our group,

3.  Now we assign the Application Impersonation role to the CRMImpSync user the on the management scope named CRMImpScope .

Now our user has the application impersonation rights on the AD Security group as we wish.

Hope it helps

Leave a Reply

Your email address will not be published. Required fields are marked *

Kontrol / Control * Time limit is exhausted. Please reload CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.