What specific permissions, rights and trusts are required for MessageStats to gather from Exchange 5.5 and 2000/2003 servers?
When an interactive gathering is run, the account used to gather the data from Exchange is either the account currently logged on to the computer where MessageStats is installed or an account that was specified in the MessageStats console.
When an automated gathering is run, the account used to gather the data from Exchange is the account specified on the Log On tab in the Properties of the Quest MessageStats service.
In all cases, the account that gathers the data from Exchange must have the following operational and Exchange-specific rights:
Operational Rights:
- Must be a member of the Administrators local group on the computer where the MessageStats Console is installed.
- Must have the 'Act as part of the operating system' Local Security Policy user right on the computer where the MessageStats Console is installed. The Quest MessageStats Installer automatically sets this privilege. If the account is logged on at the time this user right is granted, the account needs to log off and log on again for the change to take effect.
- Must be a member of the MessageStats Admin local group on the server where the MessageStats database resides.
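Because the installer grants 'Act as part of the operating system' (SeTcbPrivilege) automatically, it is worth confirming afterwards that only the gathering account holds it. The following is an added example, not code from Quest or the original article: it parses the output of `secedit /export /cfg policy.inf /areas USER_RIGHTS` and separates approved holders from unexpected ones. The sample export, SIDs and account names are constructed for illustration.

```python
import re

TCB = "SeTcbPrivilege"  # 'Act as part of the operating system'

# Constructed sample of a secedit USER_RIGHTS export; SIDs and names are made up.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeTcbPrivilege = *S-1-5-21-1111111111-2222222222-3333333333-1105,EXAMPLE\\svc-oldbackup
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
[Version]
signature="$CHICAGO$"
"""

def parse_privilege_rights(inf_text):
    """Return {privilege: [principals]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).lower()
            continue
        if section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            # secedit prefixes SIDs with '*'; account names appear without it.
            principals = [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
            rights[name.strip()] = principals
    return rights

def audit_tcb(inf_text, approved):
    """Split SeTcbPrivilege holders into approved, unexpected, and missing."""
    holders = parse_privilege_rights(inf_text).get(TCB, [])
    norm = {a.lower() for a in approved}
    return {
        "approved": [h for h in holders if h.lower() in norm],
        "unexpected": [h for h in holders if h.lower() not in norm],
        "missing": sorted(norm - {h.lower() for h in holders}),
    }

if __name__ == "__main__":
    # Hypothetical SID standing in for the MessageStats gathering account.
    svc = "S-1-5-21-1111111111-2222222222-3333333333-1105"
    print(audit_tcb(SAMPLE_EXPORT, [svc]))
```

secedit writes the export as UTF-16, so open a real file with `encoding="utf-16"` before passing its text to `audit_tcb`.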
Microsoft Exchange Rights:
For Exchange 5.5 and mixed mode servers:
- Must have administrator rights on the Organization object.
- Must have Read rights on the Administrative shares on the Exchange Server.
- Must have View Only rights on the Site objects.
- Must have Administrator rights on the Configuration object.
- Must have Permissions Admin rights on the relevant Recipients containers (if security is a major concern) OR Permissions Admin on the Configuration object (if security is not a major concern).
- Must have Read rights to the log files in the tracking log share on the Exchange server.
- Must have Read rights to the file system directory (local, NAS, or SAN) containing the Exchange databases priv.edb and pub.edb.
If the Exchange 5.5 Server being connected to uses a port number other than the default 389, add the port number to the end of the Server Name when connecting, for example, ServerName:390.
The following are links related specifically to the configuration of MessageStats to gather from Exchange 5.5 servers:
http://questsupportlink.quest.com/eSupport/Solution.asp?WAid=268450060
http://questsupportlink.quest.com/eSupport/Solution.asp?WAid=268438531
http://questsupportlink.quest.com/eSupport/Solution.asp?WAid=268447523
http://questsupportlink.quest.com/eSupport/Solution.asp?WAid=268441992
http://questsupportlink.quest.com/eSupport/Solution.asp?WAid=268445955
http://questsupportlink.quest.com/eSupport/Solution.asp?WAid=268446574
For Exchange 2000 and 2003 servers:
- Must have View Only Administrator rights delegated at the Organization level.
- Must have Read rights on the Administrative shares on the Exchange Server.
- Must have Read rights to the log files in the tracking log share on the Exchange server.
- Must have Read rights to the file system directory (local, NAS, or SAN) containing all Exchange mailbox and public stores in all storage groups.
In addition to the necessary rights and permissions for the account used to run the gatherings, the following trust relationships must exist between all domains involved:
- Domains where the tracking logs exist must be trusted by the domain where the MessageStats Console resides.
- Domain where the SQL server resides must be trusted by the domain where the MessageStats Console resides.
- Domain where the MessageStats Reports web site resides must be trusted by the domain where the MessageStats Console resides.