Granting Read Permission for the Microsoft Exchange Container
To grant the Read permission for the Microsoft Exchange Container for the account, take the following steps:
- From the Start menu, select Run. In the Run dialog box, type ADSIEdit.msc. Click OK.
-
In the ADSIEdit snap-in, open the CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<…>,DC=<…> container.
- Right-click the Microsoft Exchange container and select Properties.
- In the Properties dialog box, click the Security tab.
- On the Security tab, click Add and select the account to which you wish to assign permissions.
- Select the account name, and then enable the Allow option for the Read permission in the Permissions box.
- Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified on step 5 and click Edit.
- In the Permission Entry dialog box, select This object and all child (descendant) objects from the Apply onto drop-down list.
-
Close the dialog boxes by clicking OK.
Granting Write proxyAddresses Permission on Descendant PublicFolder Objects
To grant an account the Write proxyAddresses permission on the Descendant publicFolder objects for the Microsoft Exchange System Objects organizational unit, take the following steps:
- In the Active Directory Users and Computers snap-in, right-click the Microsoft Exchange System Objects OU and click Properties.
Note: If there is no Microsoft Exchange System Objects OU, you should select View | Advanced Features in the Active Directory Users and Computers snap-in.
- On the Security tab, click Advanced, then click Add and specify the account. Then click OK.
- On the Object tab of the Permission Entry dialog box , select Descendant publicFolder objects from the Apply to drop-down list.
- Then open the Properties tab and select Descendant publicFolder objects again.
- After that enable the Allow option for the Write proxyAddresses permission in the Permissions box.
-
Close the dialog boxes by clicking OK.
Granting Write permission on the Microsoft Exchange System Objects Organizational Unit
The account needs the Write permission on the Microsoft Exchange System Objects organizational unit (OU) in all domains in which Exchange servers involved in public folder synchronization reside.
- In the Active Directory Users and Computers snap-in, right-click the Microsoft Exchange System Objects OU and click Properties.
|
NOTE: If there is no Microsoft Exchange System Objects OU, you should select View | Advanced Features in the Active Directory Users and Computers snap-in. |
- On the Security tab, click Add, and select the account.
- Select the account name, and then enable the Allow option for the Write permission in the Permissions box.
- Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified on step 2, and click Edit.
- In the Permission Entry dialog box, select This object and all child (descendant) objects from the Apply onto drop-down list.
-
Close the dialog boxes by clicking OK.
Setting Up the Agent Host Account
This section describes how to set the required permissions for the Agent Host Account used by Migration Manager for Exchange agents. This account is used to install and run Migration Manager for Exchange agents on agent hosts and to access the license server. The required privileges for the Agent Host Account are as follows:
- Membership in the local Administrators group on the license server (unless alternative credentials are used for the license server). If server is located in another trusted forest, the account should have local Administrator permissions on the license server
- Local Administrator permissions on the agent host server.
- Permission to create, read and write SCP in domain where agent host resides. The SCP object is located in the CN=Exchange Migration Project,CN=QmmEx,CN=Migration Manager,CN=Quest Software,CN=System,DC=eternity,DC=<...> ,DC=<...> Active Directory container.
- The db_owner role on the SQL server where the database resides. Note that this permission is required if you use Windows authentication option for connecting to SQL Server.
|
NOTE: By default each Exchange server is an agent host for itself. If you use the default agent host then to simplify the account setup process, you can grant these permissions to the Exchange Account and use it instead of the Agent Host Account. |
To set up the Agent Host Account, perform the steps described in the related subtopics.
|
nOTE: Note that the steps are given only as an example of a possible Agent Host Account setup. |