Exchange Server Archiver - 3.0
Learning Exchange Server Archiver - 3.0
Creating the Archive Service user
The Archive Service needs a mailbox-enabled user that has 'administer information store' permissions on all mailboxes when it communicates with Exchange. For Exchange Server 2003, the Archive Service user must also have 'view information store' permissions.
You are recommended to make the Archive Service user a domain administrator; domain administrators have the necessary permissions. If you do not wish to do this, you must:
- Make the Archive Service user a local administrator on the Exchange servers, or add permissions to execute WMI calls on Exchange.
- Add read permissions to the Exchange configuration subtree in Active Directory.
- Make the Archive Service user a local administrator on the Archive Service computer.
- Grant permissions on all mailbox databases.
Adding WMI permissions
If you do not want to make the Archive Service user a domain administrator or a local administrator on the Exchange servers, add permissions to execute WMI calls on Exchange:
- Navigate to WMI Control.
To launch this from a command line, run
wmimgmt.msc - Right-click WMI Control and select Properties.
- In WMI Control Properties, select the Security tab.
- Under Root, expand CIMV2, and then click Security.
- Click Advanced.
- Click Add, type the name of the user, and click OK.
- In Permission Entry for CIMV2, ensure This namespace and subnamespaces is selected in Apply to, and then select the Allow check box for:
- Execute Methods
- Enable Account
- Remote Enable
- Click OK three times to return to the Security tab.
- For Exchange Server 2003 only:
- Under Root, expand MicrosoftExchangeV2, and then click Security.
- Click Advanced.
- Click Add, type the name of the user, and click OK.
- In Permission Entry for MicrosoftExchangeV2, ensure This namespace and subnamespaces is selected in Apply to, and then select the Allow check box for:
- Execute Methods
- Enable Account
- Remote Enable
- Click OK on all the WMI Control Properties dialog boxes, and close the WMI Control.
- In Administrative Tools, open Component Services.
- Expand Component Services, expand Computers, right-click My Computer, and then click Properties.
- Select the COM Security tab.
- Under Launch and Activation Permissions, click Edit Limits.
- Add the Archive Service user name.
- If the Archive Service will run locally, select the Allow check box for Local Launch and Local Activation; if it will run remotely, select Remote Launch and Remote Activation.
- Click OK on all the My Computer Properties dialog boxes.
- For Exchange Server 2007 only: navigate to the folder on disk for each storage group, and grant the Archive Service user permissions to read the folder and its contents.
For example, for a new, default installation, the storage group is in:
C:\Program Files\Microsoft\Exchange Server\Mailbox\First Storage Group
Adding Exchange configuration subtree permissions
If you do not want to make the Archive Service user a domain administrator, you must add permissions to read the Exchange configuration subtree:
- If necessary, install ADSI Edit by following the instructions on Windows Server TechCenter.
- Run adsiedit.msc to open ADSI Edit.
- Under Configuration, expand Services, right-click Microsoft Exchange, and then click Properties.
- In the Microsoft Exchange Properties dialog box, select the Security tab.
- Click Add, type the name of the Archive Service user, and click OK.
- Click Advanced, select the Archive Service user, and click Edit.
- In the Apply to box, select This object and all child objects and select the Allow check box for:
- List Contents
- Read All Properties
- Read Permissions
- Click OK on all the Microsoft Exchange Properties dialog boxes.
- Under Domain, right-click Microsoft Exchange System Objects and click Properties.
- In the Microsoft Exchange System Objects Properties dialog box, select the Security tab.
- Click Add, type the name of the Archive Service user, and click OK.
- Click Advanced, select the Archive Service user, and click Edit.
- In the Apply to box, select This object and all child objects and select the Allow check box for:
- List Contents
- Read All Properties
- Read Permissions
- Click OK on all the Microsoft Exchange System Object Properties dialog boxes.
- Close ADSI Edit.
Granting permissions on all mailbox databases
It is necessary to grant 'administer information store' permissions manually if the Archive Service user is not a domain administrator.
For Exchange Server 2003, it is also necessary to grant 'view information store' permissions.
In Exchange Server 2010 and Exchange Server 2007
In Exchange Server 2010 and Exchange Server 2007, you use a Powershell command to change the user permissions.
The following command gives the user UserName rights on all storage groups within any Exchange 2007 server on the domain DomainName.com:
foreach ($sg in Get-StorageGroup) { if ((Get-ExchangeServer
$sg.Server).Domain.Equals("DomainName.com")) { get-mailboxdatabase
-storagegroup $sg.Identity | add-adpermission -user UserName
-ExtendedRights MS-Exch-Store-Admin; } }
The command must be run on an Exchange server in each domain.
The following command gives the user UserName rights within any Exchange 2010 mailbox database:
get-mailboxdatabase | add-adpermission -user UserName -ExtendedRights MS-Exch-Store-Admin
In Exchange Server 2003
By default, the System Manager in Exchange Server 2003 does not display the Security tab when you select an Exchange Organization object, so you cannot modify the permissions. Therefore, to change user permissions, you must enable the ShowSecurityPage registry setting:
- Go to the following Exchange branch in the registry editor:
HKEY_CURRENT_USER\Software\Microsoft\Exchange\Exadmin
- Create a new dword called ShowSecurityPage.
- Change the value of the dword to 1.
This displays the Security tab when you select an object.
- Close and re-open the Exchange System Manager.
You can now change the permissions on the servers to grant full access to the user.
- For each Exchange server you will archive, navigate to the server object that has the Administrative group containing the user.
- Right-click the server object, and click Properties.
- In the Properties window, click the Security tab.
- Click Add, specify the user or group for which you want to change permissions, and then click OK.
- Ensure that the user or group is selected in the Group of user names list, and then under Permissions for..., select Allow Administer Information Store and Allow View Information Store Status.
- Click OK.
Keywords: Archive Service user, permissions, WMI,
See also |
Was this article helpful?
Installing and initial setupExchange Server Archiver
- Archiving does not complete
- Running the UAA Service on a Web server when another application requires a different ASP.NET version
- Authorization for the OWA Add-in on Exchange Server 2003
- Cannot access attachment from Outlook Web Access (OWA)
- Cannot open archived message using OWA Add-in on Exchange Server 2003
- Data security in Exchange Server Archiver
- Disabling the Outlook Add-in
- Troubleshooting your Exchange Server Archiver installation
- Logs and configuration files
- Logs and configuration files in Exchange Server Archiver
- Exchange store size is not smaller after archiving
- Mailbox size displayed as 'Unavailable' for all users
- MAPI_E_NOT_FOUND error when archiving or retrieving mailbox sizes
- MAPI versions supported for Exchange Server Archiver
- Messages missing from Exchange Server Archiver Search results
- Mobile support for Exchange Server Archiver
- UAA Service could not connect
- Preventing the Outlook Add-in and UAA Service web page from prompting for credentials
- Upgrading Exchange Server Archiver
- User does not have permission to read mailbox using UAA Service
- WSAECONNRESET error when archiving or retrieving mailbox sizes
- .NET programmability support for Outlook 2007 is not installed
- Upgrading Exchange Server Archiver
- Admin Console continuously prompts for User Archive Access (UAA) Service website credentials followed by error
- User DOMAIN\user cannot be granted permission on the mailbox - no archive service which could be contacted allowed this (1.0)
- User Archive Access Service is unable to retrieve mailbox GUID
- Creating a CNAME record for the User Archive Access Service
- Archive Service throwing exception CreateMsgService: MAPI_E_NOT_FOUND
- ActiveX component can't create object error accessing archived message through OWA Basic
- Attempting to access archived message results in continuous prompt for credentials
- Configuring ESA to use a specific Active Directory server
- RPC Server Unavailable and other errors in the Admin Console
- (version 2) Moving archived messages in Outlook does not work
- Embedded items not showing in Outlook preview pane
- MAPI_E_NOT_FOUND error logging on to mailbox
- Checking that the Outlook add-in is not disabled
- ESA Version 3.0 showing error in Admin Console: Method not found 'Boolean System.Threading.WaitHandle.WaitOne (Int32)'
- Archive Service reporting MAPI_E_NETWORK_ERROR when connection to Exchange
- Error: 'The installer requires a website to be configured on port 80 (-2147023728)
- Cannot log on to Exchange errors occurring in the Admin Console
- Cannot log on to Exchange because of permissions in Exchange 2010
- Argument exception occurring in storage service
- UnauthorizedAccessException happening during copy back to Exchange
- I want to uninstall ESA - what are my options?
- Log files in PST Importer 2010
all products
- Some Red Gate products identified as containing a trojan by Anti-Virus software
- Activation may fail with Unknown Error -1
- Product uses web help although a CHM file is available locally
- Argument exception resulting from missing environment variable
- Check for updates may fail when used through proxies
- 'Unidentified Publisher' error when repairing or uninstalling
- Licensing activates product as standard edition
- Moving Red Gate software products to another machine
- Red Gate tools log locations
- The application UI opening slowly when there is no internet access
Exchange Server Archiver
- Archiving all messages with Exchange Server Archiver
- Archiving to external storage with Exchange Server Archiver
- Backing up and restoring Exchange Server Archiver archive data
- Deploying the Exchange Server Archiver Outlook Add-in using Active Directory group policy
- Installing Exchange Server Archiver on the Exchange server
- Installing the Exchange Server Archiver OWA Add-in on front-end/back-end Exchange 2003 configurations
- Upgrading Exchange Server when using Exchange Server Archiver
- Moving Exchange Server Archiver to a new server
- Using multiple Archive Stores with Exchange Server Archiver
- Searching all archived messages with Exchange Server Archiver
- Understanding placeholders in Exchange Server Archiver
- Exchange Server Archiver release notes - version 3.xx
all products
- Red Gate product acknowledgements
- Activating your products
- Activating your products
- Red Gate bundle history
- Check for updates
- Troubleshooting Check for Updates errors
- Current versions
- Deactivating your products
- Installing Red Gate products from the .msi file
- Requesting additional activations
- Serial numbers for bundles
- Reactivating using a different serial number
- Extending your trial
- Finding your serial numbers
- Moving a serial number from one computer to another
- No response received for manual activation
- Licensing and activation resources
- Licensing and activation resources
- Troubleshooting licensing and activation errors
- Licensing and activation FAQs
- Red Gate tools log file locations
- Download old versions of products
- Download product prerequisites & utilities
- Support & upgrades
- Upgrading your software
- Upgrading FAQs
