Upgrade your Internet Experience
Microsoft.com
Welcome Sign in
Exchange Server TechCenter
Click to Rate and Give Feedback
TechNet
TechNet Library
Exchange Server
Operations
 How to Grant Your Administrative Lo...

  Switch on low bandwidth view
Exchange Server 2003
How to Grant Your Administrative Logon Account Temporary Rights to Read All Mailboxes in an Exchange Database

Topic Last Modified: 2005-05-23

This topic explains how to grant your administrative logon account temporary rights to read all mailboxes in a Microsoft® Exchange Server 2003 database. Before you can insert data back into the original mailboxes, you must override the default administrative permissions denials on the target database.

By default, Microsoft Windows® accounts with administrative access are denied permission to read the content of ordinary Exchange mailboxes. For ExMerge to merge data with the original database, it must be able to open mailboxes in that database. Therefore, ExMerge cannot be used for this purpose by an administrator without first overriding the permissions denials. For more information, see Salvaging Data from the Recovery Storage Group in Exchange Server 2003.

  1. Create a Windows Security Group, and name it something such as "Exchange Recovery Administrators".

  2. Add the Windows account you are using to run ExMerge to this group. This account should already be an Exchange administrator account and have local administrator permissions on the Exchange server(s) involved in the mailbox merge process.

  3. In Exchange System Manager, locate the target database and open its Properties dialog box. On the Security tab, add the Exchange Recovery Administrators group and grant this group Full Control permissions on the database.

    It may be necessary to wait up to 15 minutes for the permissions granted to take effect. Alternatively, you can reset cached permissions by stopping and restarting all Exchange services, the IIS Admin Service, and the Windows Management services. Because of this latency, you should grant necessary permissions as soon as you know you will need them, not just before you need to use them.

    Aa996410.note(en-us,EXCHG.65).gifNote:
    As of this writing, only Receive As permission is essential for ExMerge to function properly with a database running in an ordinary storage group. You can therefore restrict the Exchange recovery administrators group to this permission rather than Full Control. If granting only Receive As permission does not work, you should then grant Full Control as an initial troubleshooting step.
Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
Fuzzy instructions      Decept   |   Edit   |   Show History

What do you mean with:

"In Exchange System Manager, locate the target database and open its Properties dialog box."

I want to extract a single users mail into a PST file, it says it can't access the database in the log.
What target database? Where exactly should I set the permissions?

Best regards,
Björn Wiberg (bjorn@devcore.se)

do not use the administrator account      networksplus   |   Edit   |   Show History
create a new account and grant it the rights.
© 2009 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker