Back to Community Threads
Feature Request: Impersonate User by Domain Admins (not just superuser)
Idea shared by Jay Dubb - 11/4/2021 at 8:29 AM
Proposed
J
We delegate Admin privileges to the local  I.T. manager for many of our customers.  They have the default ability to create users, aliases and lists.  We can also OPTIONALLY allow them to:

  • Create domain aliases
  • View passwords
  • Manage EAS licenses
  • Manage mailbox sizes

But there is NO option to grant the ability to impersonate users of the domain.  This frustrates admins when supporting their users.  To view a user mailbox for troubleshooting, the admin has to (1.) reveal the user's password; (2.) log out of their own admin session; then (3.) log in as the user.

If they need to flip back and forth between user and admin screens, they either have to use a different web browser, or constantly log on/off/on/off to switch between admin and user views.

REQUEST:  Give the superuser the option to delegate "Impersonate Users" to local domain admins.

Please UP-vote if you agree.
+1
Gabriele Maoret - Head of SysAdmins and CISO at SERSIS
Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
J
Bumping this thread, because we ran into an additional reason for local domain admins to have impersonation ability.... CRM systems that need the ability to impersonate a user to manage their contacts and calendars.  This ability exists in Exchange Server, and we currently use it with 3rd party software to automate certain processes.

A very large customer has a CRM application which can manage user contacts and calendars automatically, and it fully integrates with Exchange by impersonating users.  The CRM vendor is hard-selling them on moving to Microsoft 365 hosted Exchange.  

I will reiterate the original request, that system administrators should be able to delegate "impersonate user" rights to local mail domain admins.  We are hearing this request LOUDLY from a large new MAPI/EAS customer who had impersonation ability on their old host, but lost it when they came to us.

Please UP-VOTE if you agree that we should be able to delegate impersonate-user rights to local domain admins.  Right now we can delegate "view password" rights, but not "impersonate".
 
Hi Jay! The same ability exist also in Kerio Connect and it's used by third party software to do Exchange backups and archiving also (Mailstore and Iperius Backup are two examples...)


I think it would be very useful
Gabriele Maoret - Head of SysAdmins and CISO at SERSIS
Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles
Key Feature and Version Milestones in SmarterMailSmarterMail
SmarterTrack/WHMCS Addon ModuleUtilities and Conversion Tools
Automatic SSL Certificates on a New SmarterMail ServerSmarterMail > Server Configuration and Management
Move SmarterMail from Hosted to Self-InstalledSmarterMail > Installation and Configuration
SmarterMail, LDAP, and Active DirectorySmarterMail > Server Configuration and Management