KBI 310295 Configuring Exchange 2007 Permissions
Version
Argent for Exchange 2.0A
Date
9 Jan 2012
Summary
Elevated Permissions for the Argent Service Account mailbox are required for Argent for Exchange to monitor the Microsoft Exchange Environment.
Full Exchange Administrator Permissions in certain setups may not be provided to the Argent Service Account due to internal company policy.
Technical Background
The minimum permissions required to monitor the Exchange Server and Mailboxes are
- Exchange Organization View Only Administrator
- Administer Information Store
Without these Exchange Permissions, Argent Monitoring for the Exchange Servers and Mailboxes will fail (Access Denied with MAPI Error 8004011d – openmsgstore failed)
Resolution
Assign the Argent Service Account the required permissions as follow:
- Ensure the Argent Service Account (or the Domain Admin Account used to install Argent) has a mailbox created
- On the Microsoft Exchange 2007 Mailbox Server, open the Exchange Management Shell
- Type add-exchangeadministrator argent.admin -role ViewOnlyAdmin
- Type get-mailboxserver “<messaging_server_name>” | add-adpermission -user “argent.admin” -accessrights ExtendedRight -extendedrights ms-Exch-Store-Admin
Alternatively, the Exchange Organization View Only Administrator membership can be added for the account on Active Directory.
The Administer Information Store can be added to the account using ADSIEdit.