To create a BESAdmin
account and a mailbox
1- You
need to prepare the network by:
a- On
a domain controller, open Active Directory Users and Computers.
b- Create
an account with the following attributes:
Name: BESAdmin and
the password , make sure you set the password
to not to change and never expire. Also, create a Microsoft Exchange mailbox
and the group membership: Domain User. Place in Users OU.
2- On
the BES server add the BESAdmin account to the local Administrators group.
Or if installing on the DC add to
Administrators group.
SETTING SERVICE AND
LOGON RIGHTS FOR THE BESADMIN ACCOUNT
For NON-SBS servers
see below
1- On
the BES server, open the Local Security Policy under Administrative Tools.
2- Local
Policies > User Rights Assignment > Scroll down to “Log on as a Service”
& “Allow log on locally”, double click on it and add the BESAdmin account.
For a SBS servers
see below;
• On
a SBS 2003 server, open
Domain Controller Security Policy > Local Policies > User Rights Assignment > Scroll down to “Log on as a Service” & “Allow log on locally”, double click on it and add the BESAdmin account.
Domain Controller Security Policy > Local Policies > User Rights Assignment > Scroll down to “Log on as a Service” & “Allow log on locally”, double click on it and add the BESAdmin account.
• On
a SBS 2008 server, Open GP, open Domain Controller Security Policy
• Computer
Configuration\Windows Settings\Security Settings\Local Policies\User Rights
Assignment > Scroll down to “Allow log on locally”, double click on it and
add the BESAdmin account. Now open Local Policies > User Rights Assignment
> Scroll down to “Log on as a Service”, double click on it and add the
BESAdmin account.
• GPUPDATE/FORCE
from the command prompt.
To Set Send As
permission to enable BlackBerry users to send messages
1- On
the taskbar, click Start®Administrative Tools ® Active Directory Users
and Computers.
2- On
the View menu, click Advanced Features.
3- Right-click
the root of the domain.
4- Click
Properties then on the Security tab, click Advanced then click Add Type
BESAdmin and click Check Name, now click OK. In the Apply to drop-down list,
click Descendant User Objects. In the Allow column, select the Send As check
box then click Apply and OK.
To configure the
Exchange 2003 permissions for the BESAdmin account
1- In
Exchange System Manager, right click on the Administrative Group (normally
there is only one), if you can’t see it right click on the exchange
organization à Properties and select it from here, and select
“Delegate control”.
2- Add
the BESAdmin account and give it role Exchange View-Only Administrator
permission.
3- Right
click properties on the Exchange server object, goBESX01 to Security tab and
allow the BESAdmin Send As, Receive As, and Administer Information Store
permissions. Make sure you check the mailbox store is inherited this
permissions from the server.
To configure the
Exchange 2007 permissions for the BESAdmin account
1- Open
the Microsoft Exchange Management Shell on the Exchange 2007 server and type;
add-exchangeadministrator
BESAdmin –role ViewOnlyAdmin
2- Now
type the following command;
get-mailboxserver
messaging_server_name | add-adpermission -user "BESAdmin"
-accessrights ExtendedRight -extendedrights Receive-As, ms-Exch-Store-Admin
3- Now
type the following command;
get-mailboxdatabase
‘messaging_server_name\First Storage Group\Mailbox Database’ | add-adpermission -user "BESAdmin"
-accessrights GenericRead, GenericWrite –extendedrights Send-As, Receive-As
ms-Exch-Store-Admin
To configure the
Exchange 2010 permissions for the BESAdmin account
1- Click
Start > Programs > Microsoft Exchange Server 2010 > Exchange
Management Shell.
2- In
the command prompt window, type the following two commands and then press
Enter:
Get-MailboxDatabase
| Add-ADPermission -User "BESAdmin" -AccessRights ExtendedRight
-ExtendedRights Receive-As, ms-Exch-Store-Admin
and
Add-RoleGroupMember
"View-Only Organization Management" -Member "BESAdmin"
Note: If you create
a new mailbox database for Microsoft Exchange you will need to repeat step 2
for Microsoft Exchange 2010.
No comments:
Post a Comment