The account does not have permission to impersonate the requested user.
This error indicates that the specified administrative account does not have permissions to impersonate users and log in to their mailboxes for migration purposes.
When migrating to Office 365, we automatically execute remote PowerShell commands to grant the admin account impersonation rights. However, those PowerShell commands can time out before they complete. In this case, it will be necessary to manually grant permission using remote PowerShell. There is no need to install any additional software in order to do this. Please be patient; the remote PowerShell commands below can take several minutes to complete.
- Make sure the admin account is a global admin.
- Click on the Windows Start button.
- Search for Windows PowerShell (PowerShell should already be installed).
- Start PowerShell under an administrator context (right-click -> run as administrator)
- Run the following PowerShell commands (one at a time):
$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
New-ManagementRoleAssignment -Role "ApplicationImpersonation" -User firstname.lastname@example.org
- Enable-OrganizationCustomization command can take a very long time to run.
- Ignore any error such as "This operation is not available in current service offer."
- Ignore any error such as "The assignment of the management role 'ApplicationImpersonation' [...] won't take effect until user is migrated."
- Make sure to replace "email@example.com" in the last PowerShell command above with the global admin account used for migration.