Product DocsMenu

Enabling Impersonation in Microsoft Exchange Online

The Coveo Exchange connector usually relies on the CES crawling identity to have full access permissions to all mailboxes and their corresponding archive to index content from an Exchange On-Premises Server.

In an Exchange hybrid deployment, full access permission does not allow the CES crawling identity to access remote archives through Exchange Online Web Services (EWS). Only user impersonation can grant the CES crawling identity access to each user's remote archives. In an information system, impersonation is a mechanism that enables an application such as Coveo Enterprise Search (CES) to perform tasks on behalf of a user.

Consequently, in an Exchange hybrid deployment, when you want to index remote archives hosted on Exchange Online, you must enable impersonation for the CES crawling identity in your Exchange Online organization.

In Microsoft Exchange Online, the impersonation rights are granted to a user through the Exchange ApplicationImpersonation built-in management role.

To add the ApplicationImpersonation role to the CES crawling identity in Exchange Online

  1. Connect PowerShell to your Exchange Online organization (see Use Windows PowerShell in Exchange Online).


  2. In a PowerShell command-line connected to your Exchange Online organization, run the following command, where you replace by the user identity used by your source: 

    PS> New-ManagementRoleAssignment -Role "ApplicationImpersonation" -User

  3. Validate the access to the Remote Archives on the Exchange Online server:

    1. Get the latest version of Microsoft EWSEditor.

    2. Create a new Exchange Service (File > New Exchange Service) using these parameters:

      Name Value
      Autodiscover - Service URL
      Autodiscover - Exchange Version Exchange2013
      Credentials - User Name CES crawling identity in UPN/SMTP format
      Credentials - Password Password of the CES crawling identity
      Impersonation - Id Type SmtpAddress
      Impersonation - Id SMTP address of one of the user with a Remote Archive to index
    3. Open the impersonated user archive (right-clicking Add Root Folder) using these parameters:

      Name Value
      Well Known - Folder Name ArchiveMsgFolderRoot
      Well Known - SMTP Address SMTP address of the impersonated user

      Successful opening the impersonated user archive confirms that the CES crawling identity will be able to impersonate and access this Remote Archive.

People who viewed this topic also viewed