.png){kind=spacer}
How to Grant Your Administrative Logon Account Temporary Rights to Read All Mailboxes in an Exchange Database
Topic Last Modified: 2005-05-23
This topic explains how to grant your administrative logon account temporary rights to read all mailboxes in a Microsoft® Exchange Server 2003 database. Before you can insert data back into the original mailboxes, you must override the default administrative permissions denials on the target database.
By default, Microsoft Windows® accounts with administrative access are denied permission to read the content of ordinary Exchange mailboxes. For ExMerge to merge data with the original database, it must be able to open mailboxes in that database. Therefore, ExMerge cannot be used for this purpose by an administrator without first overriding the permissions denials. For more information, see Salvaging Data from the Recovery Storage Group in Exchange Server 2003.
-
Create a Windows Security Group, and name it something such as "Exchange Recovery Administrators".
-
Add the Windows account you are using to run ExMerge to this group. This account should already be an Exchange administrator account and have local administrator permissions on the Exchange server(s) involved in the mailbox merge process.
-
In Exchange System Manager, locate the target database and open its Properties dialog box. On the Security tab, add the Exchange Recovery Administrators group and grant this group Full Control permissions on the database.
It may be necessary to wait up to 15 minutes for the permissions granted to take effect. Alternatively, you can reset cached permissions by stopping and restarting all Exchange services, the IIS Admin Service, and the Windows Management services. Because of this latency, you should grant necessary permissions as soon as you know you will need them, not just before you need to use them.
Note: As of this writing, only Receive As permission is essential for ExMerge to function properly with a database running in an ordinary storage group. You can therefore restrict the Exchange recovery administrators group to this permission rather than Full Control. If granting only Receive As permission does not work, you should then grant Full Control as an initial troubleshooting step.
- 2/8/2010
- SoulRider - MCSA
What do you mean with:
"In Exchange System Manager, locate the target database and open its Properties dialog box."
I want to extract a single users mail into a PST file, it says it can't access the database in the log.
What target database? Where exactly should I set the permissions?
Best regards,
Björn
Open Exchange System Manager
Click the + next to Servers
Click the + next to your Exchange Server
Click the + next to your Storage Group
Right click on your Mailbox Store, choose properties
Click the Security Tab
Click Advanced
Click Add
Click Advanced
Click Find Now
Find the Security Group you added in the first section.
Click OK
Click OK
Click Full Control
Click OK
Click OK
Click OK
Wait up to 15 minutes to permissions to propagate.
You have now added your security group to the database. You have to do this in order to be able to access that one users. Hope it helps
Wayne Leiser, CTO
Spectacular Computer Repair
www.scrfix.com
941.923.6280
Mon - Thu 11am - 7pm EST
Fri - Sat 11am - 3pm EST
- 11/29/2008
- networksplus
