Exchange Server 2010 Permissions Document

Similar documents
METADATA FRAMEWORK. On-Premises Exchange Permissions

Installing GFI MailArchiver

Getting started guide

Envelope Journaling for Microsoft Exchange 2003 Version 1.0

Trial environment setup. Exchange Server Archiver - 1.0

Outlook Desktop Application for Windows

Installing GFI MailArchiver

6.9. Quick Start Guide

Kernel Migrator for Exchange

Setup Service Account in AD

Password Reset Utility. Configuration

Symprex Signature Manager

Symprex Signature Manager

WMI log collection using a non-admin domain user

Enterprise Vault Whitepaper

Blackberry Enterprise Server Pre-installation and Checklist Guide

ZL UA Configuring Exchange 2010 for Archiving Guide. Version 7.0

Acronis Backup & Recovery 11 Beta Advanced Editions

Installation Guide. . All right reserved. For more information about Specops Command and other Specops products, visit

Archiving Service. Exchange server setup (2013) AT&T Secure Gateway Service

Cisco TelePresence Management Suite Extension for Microsoft Exchange

Enterprise Vault.cloud Folder Sync 1.13 Administration Guide

Configuring, Managing and Troubleshooting Microsoft Exchange Server 2010 Service Pack 2

Symantec Enterprise Vault 2007 Installation & Configuration

GroupWise Coexistence Solution for Exchange Installation and Configuration Guide. December 2017

Quest Migration Manager for Exchange Granular Account Permissions for Exchange 2010 to 2010 Migration

Doc-Trak 2012 SyteLine Hold in Drafts Folder Setup Guide

Question No: 3 Which two key benefits are provided by Veritas Enterprise Vault 12.x? (Select two.)

Integrate Microsoft Office 365. EventTracker v8.x and above

Installation of LAPS Password Management Demo Deployment

Integrating Handle with Exchange

Enabling Smart Card Logon for Linux Using Centrify Suite

Integration with Exchange 2007/2010

Quest Migration Manager for Exchange Granular Account Permissions for Exchange 2010 to 2013 Migration

MSX-Agent Installation Guide. Version

Quick Start Guide - Exchange Database idataagent

Symprex Folder Permissions Manager

Click Studios. Passwordstate. Password Discovery, Reset and Validation. Requirements

OUTLOOK WEB APP (OWA): MAIL

SFU Connect Calendar. Guide. Sharing Calendars

Step 4 - Choose Your Deployment

ESET REMOTE ADMINISTRATOR PLUG-IN FOR KASEYA. Technical Setup and User Guide

Archiving Service. Exchange server setup (2007) Secure Gateway (SEG) Service Administrative Guides

Configuring an IMAP4 or POP3 Journal Account for Microsoft Exchange Server 2003

Veritas Enterprise Vault Setting up IMAP 12.1

Workspace ONE UEM Certificate Authentication for EAS with ADCS. VMware Workspace ONE UEM 1902

Enterprise Vault Setting up IMAP 12.3

Automating the Windows 2000 Installation

Description. Problem: Scan to process is not completed when Microsoft Exchange Server 2007 is used as mail server.

Active Directory Auditing Guide

NetBackup Deployment Template User Guide for System Center Configuration Manager (SCCM)

NETWRIX PASSWORD EXPIRATION NOTIFIER

Quest Migration Manager for Exchange Target Exchange 2010 Environment Preparation (Legacy)

Integrate Windows PowerShell

Essentials Wizard Help - Configure Office 365

One Identity Active Roles 7.2. Quick Start Guide

User Guide - Exchange Mailbox Archiver Agent

Setting Access Controls on Files, Folders, Shares, and Other System Objects in Windows 2000

Configuring, Managing and Troubleshooting Microsoft Exchange Server 2010

One Identity Active Roles 7.2. Azure AD and Office 365 Management Administrator Guide

Quest Migration Manager for Exchange Target Exchange 2007 Environment Preparation

ShadowProtect Granular Recovery for Exchange

ADMINISTRATOR GUIDE. Find out how to configure GFI OneConnect in different environments, and learn how to set up advanced features.

Guide to Deploy the AXIGEN Outlook Connector via Active Directory

Step 1 - Set Up Essentials for Office 365

User Guide - Exchange Database idataagent

ZL UA Exchange 2013 Archiving Configuration Guide

IceWarp to IceWarp Migration Guide

Symantec Enterprise Vault

Click Studios. Passwordstate. Password Discovery, Reset and Validation. Requirements

Quest Migration Manager for Exchange Target Exchange 2013 Environment Preparation

Ahsay Online Backup. MS Exchange Mail Level Backup

Exchange 2007 Out of Office Administrators Assistant

Quest Migration Manager for Exchange Target Exchange 2016 Environment Preparation

Microsoft TS: Windows Small Business Server 2011 Standard, Configuring. Practice Test. Version:

Setting up Certificate Authentication for SonicWall SRA / SMA 100 Series

Course CLD211.5x Microsoft SharePoint 2016: Search and Content Management

IPBrick - Member of an AD domain IPBRICK SA

Administrator s Guide

Enterprise Vault.cloud Folder Sync 1.11 Administration Guide

Aspera Connect Windows XP, 2003, Vista, 2008, 7. Document Version: 1

Integrate Trend Micro Control Manager. EventTracker v8.x and above

Wavecrest Certificate SHA-512

Uninstall Cannot Continue Public Folder Database Exchange 2007

"Charting the Course B Configuring, Managing and Troubleshooting Microsoft Exchange Server 2010 Course Summary

Setup Guide for AD FS 3.0 on the Apprenda Platform

PST for Outlook Admin Guide

LAB MANUAL. Craig Zacker.

Modular Messaging. Release 3.0 / 3.1 /4.0. Diminished Permissions for Exchange.

Microsoft Exchange for IM and Presence Service on Cisco Unified Communications Manager, Release 10.5(1)

Configuring an SMTP Journal Account for Microsoft Exchange 2003

Netwrix Auditor. Virtual Appliance and Cloud Deployment Guide. Version: /25/2017

Recent Operating System Class notes 04 Managing Users on Windows XP March 22, 2004

Kerberos Constrained Delegation Authentication for SEG V2. VMware Workspace ONE UEM 1810

Windows Server 2003 Network Administration Goals

Commvault Simpana 11 Best Practices for Cloud Backup Accelerator

Enabling Smart Card Logon for Mac OS X Using Centrify Suite

Server Manager Window

OOOCTA Version 4.1. Installation and Users Guide.

Configuring, Managing and Troubleshooting Microsoft Exchange Server 2010

Transcription:

Exchange Server 2010 Permissions Document Summary This document is designed to help you quickly create the users, security group, organizational unit, set a group policy, use ADSI Edit, and assign the proper permissions to the group required for successful operations of the SonaVault software. Pre-request Proper working of the DNS Can access the Global Address List (GAL) AD (Active Directory) Steps Creating a Global Security Group - AD (Active Directory) This section shows how to create a global security group "SonaEXServices" and how to add the Journal Mailbox user as a "Member". 1. Logon to the Domain Controller with a Domain Admin account 2. Right Click Users _ New _ Group 3. Select Group to launch New Object Group window Exchange Server 2010 Permissions Document Page 1 of 20

New Object - Group Create a new Security Group called "SonaEXPermissions or SonaEXServices" and make sure that the Group scope is Global, and the Group type is Security. Click Click Next. Please note that there is no need to create an exchange mailbox for this group. Exchange Server 2010 Permissions Document Page 2 of 20

Active Directory Users and Computers Locate Global Security Group Exchange Server 2010 Permissions Document Page 3 of 20

Delegating Control in Active Directory Users and Computers Delegating control in Active Directory is required to discover the existing users, and grant permissions to the global security group. Active Directory Users and Computers Right click on the Active Directory domain name and from the menu click on Delegate Control. Users or Groups Click Add and make sure to select the security group "SonaEXServices" in this case and then click next. Exchange Server 2010 Permissions Document Page 4 of 20

Tasks to Delegate Make sure to delegate the following common tasks to the group by clicking in the boxes to ensure proper permissions are assigned for mailbox. Create, delete, and manage user accounts Reset user passwords and force password change at next logon Read all user information Now click Next Completing the Delegation of Control Wizard Now click Finish to complete the Delegation of Control Wizard for Active Directory. Exchange Server 2010 Permissions Document Page 5 of 20

Exchange Server 2010 Steps Delegating Control in Exchange System Manager Delegating control to the global security group using Exchange Management Shell to assign the Exchange Organization Administrator role is required for reading the Journal Mailbox. Exchange Management Shell Open Exchange Management Shell with as an Exchange admin Type the following command: get-mailboxserver <Exchange_server_name> add-adpermission -user <Journal Mailbox User> -accessrights ExtendedRight -extendedrights Send-As, Receive-As, ms-exch-store-admin Note: If the user permission is not set correctly, please read the last section (Using ADSI Edit to Set the Required Permissions for SonaVault Services Group) to add the permissions manually. There will be a warning if the permissions are already present Exchange Server 2010 Permissions Document Page 6 of 20

Adding the Global Security Group to the Local Administrator Group on the Exchange Server Server Manager Open Server Manager Expand Configuration Expand Local Users and Groups Select Groups Double click on the Administrators group to open the Administrators Properties Note: Adding the Global Security Group to the Local Administrator Group on the Domain Controller is not allowed Administrators Properties Click the Add button Exchange Server 2010 Permissions Document Page 7 of 20

Select Users, Computer, or Groups To add the group, do the following: Select this object type: Users or Groups From this location: the location should be your domain Enter the object names to select (examples): type in sona in the box Now click Check Names. This should automatically find matching names to select from. Multiple Names Found Select the Global Security group that was previously created SonaEXServices and click OK. Important Note - Make sure to repeat this process on each Exchange Server. Exchange Server 2010 Permissions Document Page 8 of 20

Assigning Log On As A Service rights to the Global Security Group on each Exchange Server Local Security Settings To add the group to Log on as a service, do the following Open Administrative Tools menu Open Local Security Policy Expand Local Policies Select User Rights Assignment Select Log on as a service - right click and go to properties Add the global security group SonaEXServices as created above This will ensure that the user through which the SonaVault Agent Service is running is granted proper logon rights. Important Note - Make sure to repeat this process on the on other Exchange Servers. Exchange Server 2010 Permissions Document Page 9 of 20

Creating Journal Mailbox User Account on the Exchange Server Exchange Management Console Note: The following images are just an example. Please read to the document to properly configure the User. sonajmbx_<machine name> mailbox name changed to sj_<exchange Server Name> 1. Open the Exchange Management Console 2. Expand the Recipient Configuration 3. Right click on Mailbox 4. Select New Mailbox New Mailbox Select User Mailbox and click Next. Exchange Server 2010 Permissions Document Page 10 of 20

User Type Select New User and click Next. User Information Sonasoft suggest that you name the Journal Mailbox User sj_<exchange Server Name> for example: sj_windows2k7 (Name of Exchange Server) First Name: sj_windows2k7 (Name of Exchange Server) User Logon Name: sj_windows2k7 (Name of Exchange Server) Please make sure that the User must change password at next logon is Un-checked Click next when the appropriate information has been provided. Exchange Server 2010 Permissions Document Page 11 of 20

Mailbox Settings Make sure to create this users mailbox on the Exchange Server. This is very important in order for this User to be able to conduct administrative tasks on this server. New Mailbox Configuration Summary Click New for the following mailbox to be created. The Configuration Summary provides the details of settings that were specified for the mailbox. Exchange Server 2010 Permissions Document Page 12 of 20

New Mailbox Completion The New Mailbox has been successfully created, now click Finish to close the wizard. Exchange Management Console Mailbox Created The new mailbox can be seen in the Exchange Management Console. Exchange Server 2010 Permissions Document Page 13 of 20

Adding SonaExservices Group to the Journal Mailbox user 1. Go to Active Directory Users and Computers on the Exchange Server 2. Select Users 3. Right click on the Journal Mailbox User sj_<exchange Server Name> and go to Properties 4. Active Directory Users and Computers - right click on the user account you just created. Now click on 1. "Member OF" tab. 5. Enter the object names to select (examples): type in sona in the box. Now click Check Names. 2. This should automatically find matching names to select from Multiple Names Found 6. Select SonaExservices 7. Click OK Exchange Server 2010 Permissions Document Page 14 of 20

sj_<exchange Server Name> Properties Security Group Added to Journal Mailbox User Make sure to add the following permissions if they do not already exist (remove any other existing permission(s) that is not required): Domain Users SonaEXServices Domain Admin (Used only on Exchange Servers that are domain controllers) Click on Apply and OK to add the SonaExservices Group to the Journal Mailbox User. Exchange Server 2010 Permissions Document Page 15 of 20

Configuring a Journal Mailbox in Exchange 2010 Exchange Management Console How to Enable journaling in Exchange 2010 1. Open the Exchange Management Console where the SonaVault Agent is going to be installed 2. Expand Organizational Configuration 3. Select Mailbox 4. On the right, under the Database Management tab, select the Mailbox Database where the Journal Mailbox will be configured Exchange Management Console 5. Right click on the Mailbox Database and go to Properties Exchange Server 2010 Permissions Document Page 16 of 20

Exchange Management Console 6. Select Maintenance tab 7. Check the Journal Recipient and click on Browse Exchange Management Console 8. Select the sj_<exchange Server Name> Journal Mailbox User and click OK 9. All the Users e-mails from the Mailbox Database will be archived to the Journal Mailbox 10. Please repeat these steps for all the Storage Groups where the e-mails will be archived. Exchange Server 2010 Permissions Document Page 17 of 20

Script to skip Anti-Spam processing on a Journal Mailbox Once the Journal Mailbox is created run the following script to skip Anti-Spam processing on the mailbox. Running Scripts From Within Windows PowerShell: Set-Mailbox -Identity <MAILBOX_NAME> -AntispamBypassEnabled $true Running Scripts Without Starting Windows PowerShell: Create a file called ByPassSpam.ps1 with the following content: Set-Mailbox -Identity <MAILBOX_NAME> -AntispamBypassEnabled $true And then run it as follows: Powershell.exe & ByPassSpam.ps1 Exchange Server 2010 Permissions Document Page 18 of 20

Using ADSI Edit to Set the Required Permissions for SonaVault Services Group. Once the Users, and Security Group have been completed, Setting these permissions is very important, as it protects the users rights that have been assigned using the security created to allow proper functionality of the Application. Open Windows Support Tools and run adsiedit.msc (this tool is available from the Windows Server2003 CD) This GUI tool is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. Network administrators can use Active Directory Service Interfaces (ADSI) for common administrative tasks such as adding, deleting, and moving objects with a directory service. Attributes for each object viewed can be changed or deleted. This tool allows you to see the Security Tab of the Microsoft Exchange Stores. They are not available from the Exchange System Manager. The following Screen shots show you what to modify in order for our SonaEXServices Group: Step 1: Using ADSI Edit (Configuration) do the following a. Navigate through to the following folder: CN=Configuration;DC=. CN=Services CN=Microsoft Exchange b. Open Properties starting with CN=Microsoft Exchange folder and select the Security Tab c. Find the SonaEXServices Group in the first list box (Group or user names:) d. If the SonaEXServices Group is not there, add it e. In the Permission for SonaEXServices assign the user Full Control by clicking on the check box f. under the Allow column, and in the list box below scroll down and look for any denies Receive AS g. and Send As. h. Remove them by un-checking them. i. After your done confirm that these inherent settings have propagated down through the following j. folders: CN=Primary Exchange (This name will be different for each environment) CN=Administrative Groups CN=First Administrative Group CN=Servers CN=Sales-Primary (This is the name of your exchange server, you might have more than one) CN= Information Store CN=First Storage Group (If you have multiple storage groups check each one) Exchange Server 2010 Permissions Document Page 19 of 20

Exchange Server 2010 Permissions Document Page 20 of 20

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback