web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Exchange Rights requir...
Microsoft Dynamics CRM (Archived)

Exchange Rights required for Email Router Configuration Manager accounts

(0) ShareShare
ReportReport
Posted on by Sherv 85

Hi,

Setup: CRM email router 4.0 & MS Exchange 2010

I've recently been working on a problem with regards to sending emails out from CRM. After attempting to set this up I created an impersonation account in exchange and put the credentials for this account into the outgoing and incoming profiles.

This did not work for the CRM user testing this.

A support company suggested we use an Exchange administrator account in these profiles which has worked.  After putting my own account details in, emails are sent with no problems to users via CRM.  This is obviously something I dont want to use as it is a security risk.

Does anyone know how what the minimum rights required are for the account, so that this works.  Apologies for the vague detail as I dont know a lot about CRM I've just been asked to have a look at this problem.  I've read forums suggesting setting up an application impersonation account but this hasnt worked.

Many Thanks,

Sherv

 

*This post is locked for comments

I have the same question (0)
  • Gus Gonzalez Profile Picture
    Gus Gonzalez 27,113 on at

    Sherv,

    I normally follow the permissions guide for BES (Blackberry Enterprise Server) and those normally work quite well.

    There is no guide (to my knowledge) that describes the minimum permissions needed by the email router so I normally use BES' guidelines. :)

    Just a little trick I learned years ago.

  • Sherv Profile Picture
    Sherv 85 on at

    HI Gus,

    Thanks for the sugestion. I've tried using powershell on exchange to set the rights but I couldn't get this to work.  As a quick fix I've created a domain account and made it a member of exchange admins and used this for the outgoing profile.  This is working for now, and as we may be moving to Exchange 2013 in the summer, i'll wait until them to sort an account out with the appropiate rights.

    Thanks,

    Sherv

  • Shahid Shaikh Profile Picture
    Shahid Shaikh on at

    Hi Sherv,

    Outgoing profiles support the following access credentials:

    •Local System Account. This option requires a machine trust between the computer where the E-mail Router is running and the computer where Microsoft Exchange Server is running. For more information, see the Microsoft Dynamics CRM Installing Guide. For outgoing profiles, this is the only option available if you select the Anonymous authentication type.

    •Other specified. This option enables the administrator to configure the E-mail Router to send e-mail messages on each user's behalf by using the access credentials of a specified user account that has full access to all the mailboxes that the outgoing profile will serve.

    Thanks,

    Shahid S

    Microsoft Dynamics CRM Support Engineer

  • Suggested answer
    THEITGUYS Profile Picture
    THEITGUYS 5 on at

    In Exchange 2010:

    A single user is configured to connect to mailboxes of all other CRM users and queues that have their mailboxes on Microsoft Exchange Server 2010. This configuration hence makes do with the need to create profile for each CRM user and queue individually.

    To achieve this you need to run the following command in Exchange Management Shell–

    New-ManagementRoleAssignment   –Name: "ImpersonationName”

    -User: "RouterAdministrator@YourOrganization.com"   –Role:"ApplicationImpersonation”

    In the above command, the Name parameter specifies a name for the new management role assignment. User is the username of the user who is given Exchange Impersonation permission and therefore can now access Exchange 2010 mailboxes of all other users in the Exchange organization.

    [Details on New-ManagementRoleAssignment can be found here]

    2. A single user is configured to connect to mailboxes of select set of CRM users and queues that have their mailboxes on Microsoft Exchange Server 2010. This configuration is preferable as the impersonation rights are given selectively on the desired mailboxes only.

    To enable this scenario, you need to define the set of users as a Management Scope in Microsoft Exchange Server 2010. To do so, run the following command in Exchange Management Shell–

    New-ManagementScope   –Name: "ManagementScopeName"

    –RecipientRestrictionFilter { Name  -eq  ‘ crmuser1 ’ }

    In the above command, The Name parameter specifies the name of the management scope. The RecipientRestrictionFilter parameter specifies the filter to apply to recipient objects.

    [Details on New-ManagementScope can be found here]

    The new Management Scope created can now be used in the Role Assignment command to restrict the scope of Exchange Impersonation.

    New-ManagementRoleAssignment   –Name: "ImpersonationName”

    -User: "RouterAdministrator@YourOrganization.com"   –Role:"ApplicationImpersonation”

    -CustomRecipientWriteScope: ”ManagementScopeName”

    blogs.msdn.com/.../how-to-configure-microsoft-dynamics-crm-4-0-e-mail-router-on-premise-with-microsoft-exchange-server-2010.aspx

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans