Changing the Default Source Active Directory Account
Changing Default Active Directory Account
Caution: This section is relevant to public folder synchronization only. The Active Directory Account for mailbox or calendar synchronization is specified during configuration of the corresponding job.
The default Source or Target Active Directory Account (initially displayed on the Associated domain controller page of the Exchange server's properties) is set when you add the source or target organization to the migration project (see the Registering Source and Target Organizations section of the Migration Manager for Exchange User Guide for details).
To change the Source or Target Active Directory Account, click Modify on the General | Associated domain controller page of the corresponding source (target) server properties in the Migration Manager for Exchange Console.
To continue using the default Source (Target) Active Directory Account for Exchange migration, grant this account the permissions required for Exchange migration (see the next steps).
Granting Read Access to the Source Active Directory Domain
The account should have Read access to the source Active Directory.
To grant this permission to the account, complete the following steps:
- In the Active Directory Users and Computers snap-in, right-click the source domain name, and then click Properties.
- On the Security tab, click Add and select the account.
- Select the Source Exchange Account, and then check the Allow box for the Read permission in the Permissions box.
- Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified in step 2, and click Edit.
- In the Permission Entry dialog box, select This object and all descendant (child) objects from the Apply to drop-down list.
- Close the dialog boxes by clicking OK.
Granting Read Permission for the Microsoft Exchange Container
In the source Exchange 2013 organization, the Source Active Directory Account requires the Read permission on the Microsoft Exchange container in the source Active Directory.
To grant this permission, take the following steps:
- From the Start menu, select Run. In the Run dialog box, type ADSIEdit.msc. Click OK.
- In the ADSIEdit snap-in, open the CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<…>,DC=<…> container.
- Right-click the Microsoft Exchange container and select Properties.
- In the Properties dialog box, click the Security tab.
- On the Security tab, click Add and select the account to which you wish to assign permissions.
- Select the account name, and then enable the Allow option for the Read permission in the Permissions box.
- Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified in step 5 and click Edit.
- In the Permission Entry dialog box, select This object and all child (descendant) objects from the Apply onto drop-down list.
- Close the dialog boxes by clicking OK.
Granting Write permission on the Microsoft Exchange System Objects Organizational Unit
The account needs the Write permission on the Microsoft Exchange System Objects organizational unit (OU) in all domains in which Exchange servers involved in public folder synchronization reside.
- In the Active Directory Users and Computers snap-in, right-click the Microsoft Exchange System Objects OU and click Properties.
NOTE: If there is no Microsoft Exchange System Objects OU, you should select View | Advanced Features in the Active Directory Users and Computers snap-in.
- On the Security tab, click Add, and select the account.
- Select the account name, and then enable the Allow option for the Write permission in the Permissions box.
- Click the Advanced button. In the Advanced Security Settings dialog box, select the account you specified in step 2, and click Edit.
- In the Permission Entry dialog box, select This object and all child (descendant) objects from the Apply onto drop-down list.
- Close the dialog boxes by clicking OK.
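The following PowerShell check is an added example, not part of the product documentation. It audits the access control entries created by the three procedures above: whether the account holds the required right, whether that right applies to the object and all descendant objects, and whether the account holds rights beyond what this page asks for. The function name, the account name EXAMPLE\svc-migration and the sample entries are constructed for illustration. The mapping of the Read check box to at least ReadProperty and ListChildren, and of the Write check box to at least WriteProperty, is an assumption.

```powershell
Add-Type -AssemblyName System.DirectoryServices

function Test-MigrationAce {
    param(
        [Parameter(Mandatory)] [object[]] $Ace,       # entries from (Get-Acl).Access
        [Parameter(Mandatory)] [string]   $Account,   # DOMAIN\name of the migration account
        [Parameter(Mandatory)]
        [System.DirectoryServices.ActiveDirectoryRights] $Required
    )
    # Rights this page never asks for; holding them means the account is over-privileged.
    $excessMask = [int][System.DirectoryServices.ActiveDirectoryRights]'WriteDacl, WriteOwner, Delete, DeleteTree'
    $need = [int]$Required
    $all = 0; $inheritable = 0
    foreach ($a in $Ace) {
        if ("$($a.IdentityReference)" -ne $Account -or $a.AccessControlType -ne 'Allow') { continue }
        $all = $all -bor [int]$a.ActiveDirectoryRights
        # InheritanceType 'All' is "This object and all descendant objects" in the GUI.
        if ($a.InheritanceType -eq 'All') {
            $inheritable = $inheritable -bor [int]$a.ActiveDirectoryRights
        }
    }
    [pscustomobject]@{
        Account              = $Account
        Required             = $Required
        GrantedOnObject      = ($all -band $need) -eq $need
        AppliesToDescendants = ($inheritable -band $need) -eq $need
        ExcessRights         = [System.DirectoryServices.ActiveDirectoryRights]($all -band $excessMask)
    }
}

# Constructed sample entries: Read was granted with the correct scope, Write was
# granted on the object only (the "Apply to" step of the procedure was skipped).
$rights = [System.DirectoryServices.ActiveDirectoryRights]
$sample = @(
    [pscustomobject]@{ IdentityReference = 'EXAMPLE\svc-migration'; AccessControlType = 'Allow'
                       ActiveDirectoryRights = $rights::GenericRead;  InheritanceType = 'All' },
    [pscustomobject]@{ IdentityReference = 'EXAMPLE\svc-migration'; AccessControlType = 'Allow'
                       ActiveDirectoryRights = $rights::GenericWrite; InheritanceType = 'None' }
)
Test-MigrationAce -Ace $sample -Account 'EXAMPLE\svc-migration' -Required 'ReadProperty, ListChildren'
Test-MigrationAce -Ace $sample -Account 'EXAMPLE\svc-migration' -Required 'WriteProperty'

# Live use (the ActiveDirectory module provides the AD: drive). Set $dn to the
# distinguished name of the domain, container or OU that was configured:
#   Import-Module ActiveDirectory
#   $acl = Get-Acl -Path "AD:\$dn"
#   Test-MigrationAce -Ace $acl.Access -Account 'EXAMPLE\svc-migration' -Required 'WriteProperty'
```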