Granting Read Access to Active Directory Domain
The Target Active Directory Account used by Migration Manager for Exchange agents needs Read access to the target domain to work with servers and target Active Directory.
To grant this permission to the account, complete the following steps:
- On the target domain controller in the Active Directory Users and Computers snap-in, right-click the domain name, and then click Properties on the shortcut menu.
- On the Security tab, click Add and select the account to which you wish to assign permissions (in our example, QMM_Trg_AD).
|
NOTE: If there is no Security tab, you should select View | Advanced Features in the Active Directory Users and Computers snap-in. |
- Select the account name, and then enable the Allow option for the Read permission in the Permissions box.
- Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified on step 2 and click Edit.
- In the Permission Entry dialog box, select This object and all descendant (child) objects from the Apply to drop-down list.
- Close the dialog boxes by clicking OK.
Granting Write permission on the Microsoft Exchange System Objects Organizational Unit
The account needs the Write permission on the Microsoft Exchange System Objects organizational unit (OU) in all domains in which Exchange servers involved in public folder synchronization reside.
- In the Active Directory Users and Computers snap-in, right-click the Microsoft Exchange System Objects OU and click Properties.
|
NOTE: If there is no Microsoft Exchange System Objects OU, you should select View | Advanced Features in the Active Directory Users and Computers snap-in. |
- On the Security tab, click Add, and select the account.
- Select the account name, and then enable the Allow option for the Write permission in the Permissions box.
- Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified on step 2, and click Edit.
- In the Permission Entry dialog box, select This object and all child (descendant) objects from the Apply onto drop-down list.
-
Close the dialog boxes by clicking OK.
Granting Read Permission for the Microsoft Exchange Container
To grant the Read permission for the Microsoft Exchange Container for the account, take the following steps:
- From the Start menu, select Run. In the Run dialog box, type ADSIEdit.msc. Click OK.
-
In the ADSIEdit snap-in, open the CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<…>,DC=<…> container.
- Right-click the Microsoft Exchange container and select Properties.
- In the Properties dialog box, click the Security tab.
- On the Security tab, click Add and select the account to which you wish to assign permissions.
- Select the account name, and then enable the Allow option for the Read permission in the Permissions box.
- Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified on step 5 and click Edit.
- In the Permission Entry dialog box, select This object and all child (descendant) objects from the Apply onto drop-down list.
-
Close the dialog boxes by clicking OK.
Granting Write proxyAddresses Permission on Descendant PublicFolder Objects
To grant an account the Write proxyAddresses permission on the Descendant publicFolder objects for the Microsoft Exchange System Objects organizational unit, take the following steps:
- In the Active Directory Users and Computers snap-in, right-click the Microsoft Exchange System Objects OU and click Properties.
Note: If there is no Microsoft Exchange System Objects OU, you should select View | Advanced Features in the Active Directory Users and Computers snap-in.
- On the Security tab, click Advanced, then click Add and specify the account. Then click OK.
- On the Object tab of the Permission Entry dialog box , select Descendant publicFolder objects from the Apply to drop-down list.
- Then open the Properties tab and select Descendant publicFolder objects again.
- After that enable the Allow option for the Write proxyAddresses permission in the Permissions box.
-
Close the dialog boxes by clicking OK.