Assigning the permissions at Organization or Administrative Group level

If required, you can add the permissions at the Organization or Administrative Group level in the Exchange hierarchy. This will enable the permissions to be propagated automatically to any new Exchange Servers added below the level at which the permissions are assigned.

To assign the permissions at Organization or Administrative Group level (Exchange Server 2000 or 2003)

Enable the display of the Security page by configuring the ShowSecurityPage registry setting (see Microsoft Knowledge Base article 883381).
In the left-hand pane of Microsoft Exchange, System Manager, right-click your Exchange Organization or the administrative group that you want, and select Properties.
Select the Security tab and set the required permissions for the Vault Service account, as described in the steps for individual Exchange Servers.

To assign the permissions at Organization or Administrative Group level (Exchange Server 2007)

To assign permissions at Exchange Organization level, expand the tree in adsiedit.msc as follows:

Configuration[your domain]/CN=Configuration,[your domain]/CN=Services/CN=Microsoft Exchange/CN=[your Exchange organization]

To assign permissions at Administrative Group level, expand the tree as follows:

Configuration[your domain]/CN=Configuration,[your domain]/CN=Services/CN=Microsoft Exchange/CN=[your Exchange organization]/CN=Administrative Groups/CN=Exchange Administrative Group(FYDIBOHF23SPDLT)
Right-click the object and select Properties.
Click the Security tab.
Add the Vault Service account and grant this account Full Control.
Click Apply.
Click Advanced.
For the permission entry for the Vault Service account:
- Select the permission entry and click Edit.
- Change Apply onto to This object and all child objects.
- Click OK to exit the Edit window.
- Click OK to close the Advanced Security Settings window.
- Click OK and close the Properties window.
Close adsiedit.msc.