Feature Request: Impersonate User by Domain Admins (not just superuser)
Idea shared by Jay Dubb - 11/4/2021 at 8:29 AM
We delegate Admin privileges to the local I.T. manager for many of our customers.  They have the default ability to create users, aliases and lists.  We can also OPTIONALLY allow them to:

  • Create domain aliases
  • View passwords
  • Manage EAS licenses
  • Manage mailbox sizes

But there is NO option to grant the ability to impersonate users of the domain.  This frustrates admins when supporting their users.  To view a user mailbox for troubleshooting, the admin has to (1.) reveal the user's password; (2.) log out of their own admin session; then (3.) log in as the user.

If they need to flip back and forth between user and admin screens, they either have to use a different web browser, or constantly log on/off/on/off to switch between admin and user views.

REQUEST:  Give the superuser the option to delegate "Impersonate Users" to local domain admins.

Please UP-vote if you agree.

Our team, in particular, keeps "impersonation" on the down low.  We do not openly advertise that even our team can do it. We think it makes users feel uneasy in 2021.

But when we have to, we impersonate.

Bumping this thread, because we ran into an additional reason for local domain admins to have impersonation ability.... CRM systems that need the ability to impersonate a user to manage their contacts and calendars.  This ability exists in Exchange Server, and we currently use it with 3rd party software to automate certain processes.

A very large customer has a CRM application which can manage user contacts and calendars automatically, and it fully integrates with Exchange by impersonating users.  The CRM vendor is hard-selling them on moving to Microsoft 365 hosted Exchange.  

I will reiterate the original request, that system administrators should be able to delegate "impersonate user" rights to local mail domain admins.  We are hearing this request LOUDLY from a large new MAPI/EAS customer who had impersonation ability on their old host, but lost it when they came to us.

Please UP-VOTE if you agree that we should be able to delegate impersonate-user rights to local domain admins.  Right now we can delegate "view password" rights, but not "impersonate".
Hi Jay! The same ability exists also in Kerio Connect and it's used by third party software to do Exchange backups and archiving also (Mailstore and Iperius Backup are two examples...)

I think it would be very useful

