KBI 310296 Configuring Exchange 2010 Permissions


Argent for Exchange 2.0A


9 Jan 2012


Elevated Permissions for the Argent Service Account mailbox are required for Argent for Exchange to monitor the Microsoft Exchange Environment.

Full Exchange Administrator Permissions in certain setups may not be provided to the Argent Service Account due to internal company policy.

Technical Background

The minimum permissions required to monitor the Exchange Server and Mailboxes are

  • Exchange Organization View Only Administrator
  • Administer Information Store

Without these Exchange Permissions, Argent Monitoring for the Exchange Servers and Mailboxes will fail (Access Denied with MAPI Error 8004011d – openmsgstore failed)


Assign the Argent Service Account the required permissions as follow:

  1. Ensure the Argent Service Account (or the Domain Admin Account used to install Argent) has a mailbox created
  2. On the Microsoft Exchange 2010 Mailbox Server, open the Exchange Management Shell
  3. Type Get-MailboxDatabase | Add-ADPermission -User “argent.admin” -AccessRights ExtendedRight -ExtendedRights ms-Exch-Store-Admin
  4. Type Add-RoleGroupMember “View-Only Organization Management” -Member “argent.admin”

Alternatively, the Exchange Organization View Only Administrator membership can be added for the account on Active Directory.

The Administer Information Store can be added to the account using ADSIEdit.