Help Center
Choose product document...
Veeam Backup & Replication 9.5 Update 4
Veeam Explorers User Guide

Required Permissions

This section describes required permissions for user accounts to be used when restoring data.


  • A user account which is used to run Veeam Explorer for Microsoft Exchange requires Read and Write permissions for all files in a folder with the Exchange mailbox database.
  • To restore folders or items back to the Microsoft Exchange server, the account you are using requires sufficient access privileges.

These privileges can be granted either through impersonation or by giving a user Full Access.

Required Permissions Important!

Consider the following:

  • If the account you plan to use for restore owns a mailbox on a target Microsoft Exchange server, you can use any method (impersonation or mailbox access provisioning).
  • If the account you plan to use for the restore does not own a mailbox, the access rights must be granted using Exchange impersonation.

Restore to Public Folder

  • The account must own a mailbox on a target Microsoft Exchange server.
  • The account must have an Organization Management role on a target Microsoft Exchange server. This role can be assigned via PowerShell cmdlet.

Add-RoleGroupMember “Organization Management” –Member “<user_account>”

To restore In-Place Hold Items public folder to the original location:

  • If the In-Place Hold Items folder already exists, the user account that will be used for restore should have permissions to create, modify and delete items in it. To grant required permissions, do the following in the Exchange admin center:
  1. In the feature pane on the left, select public folders, then select the In-Place Hold Items folder in the list and click Manage on the right.
  2. In the dialog displayed, make sure the required account is assigned Publishing Editor set of permissions for that folder.
  • If that folder does not exist, the user account must have permissions to create folders under the All Public Folders (root node). For that, do the following:
  1. In the Exchange admin center select public folders, then click the button to set the root node permissions for the required user account.
  2. Make sure that Permission level is set to Custom and select Create subfolders, Folder visible permissions.

Restore to a Mailbox

  • If you plan to use the account that owns a mailbox on target Microsoft Exchange server, make sure it has Full Access for that mailbox.
    Full Access can be granted, for example, through impersonation or through rights assignment with the following cmdlet:

Add-MailboxPermission –Identity “<target_mailbox>” -User “<user_account>” -AccessRights FullAccess –InheritanceType All

  • If you plan to use the account that does not own a mailbox on target Microsoft Exchange server (for example, a service account), then access rights for target mailbox should be granted through Exchange impersonation.
    For example, you can run the following cmdlet:

New-ManagementRoleAssignment -Name "<role_name>" -Role ApplicationImpersonation -User "<user_account>" [-CustomRecipientScope "<scope>"]

  • After you recover items back to the target mailbox, you may recall the assignment by using either of the following cmdlets:

Remove-ManagementRoleAssignment "<role_name>"

Remove-ManagementRoleAssignment -Identity <role_name>


The following cmdlet shows how to narrow the group of users whom will be assigned the appropriate role to access the target mailbox at restore. For that, it uses the CustomRecipientScope parameter, with sample Organizational Unit specified as the scope:

New-ManagementRoleAssignment -Name "Exchange Test" -Role ApplicationImpersonation -User "Test User" -CustomRecipientScope "spain.local/TargetUsers"

Veeam Large Logo

User Guide for VMware vSphere

User Guide for Microsoft Hyper-V

Enterprise Manager User Guide

Veeam Cloud Connect Guide

Veeam Agent Management Guide

Veeam Explorers User Guide

Backup and Restore of SQL Server Databases

Veeam Plug-ins for Enterprise Applications

PowerShell Reference

Veeam Explorers PowerShell Reference

RESTful API Reference

Required Permissions

Veeam Availability for Nutanix AHV

Veeam Backup for Microsoft Office 365 Documentation

Veeam ONE Documentation

Veeam Agent for Windows Documentation

Veeam Agent for Linux Documentation

Veeam Management Pack Documentation