I get this question a lot, so I thought I’d post a short post while I stare at progress bars…
In EWS, impersonation allows your code to perform operations using the permissions of the impersonated account. For example, if a service were running under a service account that could impersonate me, the service could use EWS to send mail, schedule meetings, etc. using my permissions. The results (emails, meetings, etc.) would be indistinguishable from mailbox items I created myself.
If the calling account doesn’t have the correct permissions to impersonate, your calls will fail.
In order to impersonate an account, the caller needs two permissions in AD:
Details on how to grant these permissions can be found here. There are impersonation samples in the EWS SDK download that you can use to test if an account is properly configured.
Check out this webcast for more details on the infrastructure required when building applications that leverage OCS 2007 R2 and Exchange 2007 SP1.