Assigning permissions on Microsoft Exchange Server

The Vault Service account needs to be able to access mailboxes on the Exchange Servers that Enterprise Vault is to archive. You need to grant permissions explicitly on each Exchange Server. If you later add another Exchange Server, you need to repeat the procedure on the new server to enable mailbox access for the Vault Service account.

You must have Exchange administration permissions to do the following tasks.

On Microsoft Exchange Server 2007

  1. On Exchange Server 2007 with Mailbox Role installed, run adsiedit.msc to configure the permissions for the Vault Service account in Active Directory.

    adsiedit.msc is included in Windows support tools.

  2. Expand the tree as follows:

    Configuration [your domain]/CN=Configuration,[your domain]/CN=Services/CN=Microsoft Exchange/CN=[your Exchange organization]/CN=Administrative Groups/CN=Exchange Administrative Group (FYDIBOHF23SPDLT)/CN=Servers

  3. For each server object (CN=[your Exchange organization]/) that represents Exchange Server 2007 with Mailbox Role installed, do the following:

    • Right-click the object and select Properties.

    • Click the Security tab.

    • Add the Vault Service account and grant this account Full Control.

    • Click Apply.

    • Click Advanced.

    • For the permission entry for the Vault Service account:

      Select the permission entry and click Edit.

      Change the Apply onto setting to This object and all child objects.

      Click OK.

    • Click OK to close the Advanced Security Settings window.

    • Click OK and close the Properties window.

  4. You must also grant the Vault Service account Send As permission on the Enterprise Vault system mailbox object (and all child objects).

    • In adsiedit.msc, click Domain [your_domain].

    • Locate the mailbox that you created for the Enterprise Vault system mailbox. This is usually under CN=Users.

    • Right-click the object and select Properties.

    • Click the Security tab.

    • Add the Vault Service account and then grant this account the Send As permission.

    • Click Apply.

    • Click OK and close the Properties window.

    • Close adsiedit.msc.
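
The same grants can be applied and then read back from the Exchange Management Shell, which gives a repeatable record of exactly which objects the Vault Service account holds rights on. This is an added example, not part of the original procedure or vendor-supplied code; the account name and system mailbox name are placeholders, and it assumes the Exchange Management Shell on Exchange Server 2007.

```powershell
# Added example: run in the Exchange Management Shell on Exchange Server 2007.
# Placeholder values (assumptions, not taken from the original page):
$vaultAccount  = 'EXAMPLE\VaultServiceAccount'   # the Vault Service account
$systemMailbox = 'EVSystemMailbox'               # the Enterprise Vault system mailbox

# Step 3 equivalent: Full Control (GenericAll) on each Mailbox-role server object,
# applied to "This object and all child objects" (InheritanceType All).
$servers = @(Get-MailboxServer)
foreach ($server in $servers) {
    Add-ADPermission -Identity $server.DistinguishedName -User $vaultAccount `
        -AccessRights GenericAll -InheritanceType All | Out-Null
}

# Step 4 equivalent: Send As on the system mailbox object and all child objects.
$mailbox = Get-Mailbox -Identity $systemMailbox
Add-ADPermission -Identity $mailbox.DistinguishedName -User $vaultAccount `
    -ExtendedRights 'Send As' -InheritanceType All | Out-Null

# Read the ACEs back so the result is verified rather than assumed.
# Returns $true when the account has a non-Deny ACE matching $filter on $dn.
function Test-VaultAce($dn, $filter) {
    $aces = @(Get-ADPermission -Identity $dn -User $vaultAccount |
        Where-Object { -not $_.Deny } |
        Where-Object $filter)
    return ($aces.Count -gt 0)
}

foreach ($server in $servers) {
    $ok = Test-VaultAce $server.DistinguishedName { $_.AccessRights -contains 'GenericAll' }
    if ($ok) {
        Write-Host "OK       Full Control  $($server.Name)"
    } else {
        Write-Warning "MISSING  Full Control  $($server.Name)"
    }
}

$ok = Test-VaultAce $mailbox.DistinguishedName { $_.ExtendedRights -like 'Send*As' }
if ($ok) {
    Write-Host "OK       Send As       $($mailbox.Name)"
} else {
    Write-Warning "MISSING  Send As       $($mailbox.Name)"
}
```

Re-run the read-back portion whenever an Exchange Server is added, because the grant has to be repeated on each new server.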

On Microsoft Exchange Server 2003 and Microsoft Exchange 2000 Server

  1. Click Start > Programs > Microsoft Exchange > System Manager.

  2. Expand the Servers container.

  3. Right-click your Exchange Server and, on the shortcut menu, click Properties.

  4. Click the Security tab.

  5. Click Add.

  6. Double-click the Vault Service account to add it to the list.

  7. Click OK to go back to the Security tab. The Vault Service account has been added to the Name list.

  8. In the Name list, click the Vault Service account.

  9. In the Permissions list, make sure that all check boxes in the Allow column are selected. Select any check boxes that are not already selected.

  10. Click OK.