How to Use ADSI Edit to Add Full Control Permissions to the Exchange Computer Account

  • Article

 

This topic explains how to manually apply permissions to a Microsoft® Exchange Server 2003 computer account. These permissions are applied automatically when you run Exchange Server 2003 Setup. If you accidentally delete an Exchange Server 2003 computer account from Active Directory, you must either run Setup in "Reinstall" mode on the Exchange server (recommended) or re-create the computer account and apply the appropriate permissions to that account.

Before You Begin

Before you assign permissions, you must create a computer account for the computer running Exchange Server 2003.

After you create the computer account, you can grant the new account the required permissions.

Warning

If you use the ADSI Edit snap-in and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require that you to reinstall Microsoft Windows Server™ 2003, Microsoft Exchange Server 2003, or both. Serious problems may occur if you incorrectly modify Active Directory object attributes. Modify these attributes at your own risk.

Procedure

To use ADSI Edit to add Full Control permissions to the Exchange computer account

  1. Start ADSI Edit, and then browse to the following location:

    Domain.com/Configuration/Services/Microsoft Exchange/Org/Administrative Groups/AdminGroup/Servers/Server Name

  2. Right-click the server name, and then click Properties.

  3. Click the Security tab, and then click Add.

  4. Locate the computer account for the Exchange Server computer.

  5. Click Add, and then verify that the account is added to the Permissions window with full control.

  6. Click OK, and then close ADSI Edit.

  7. Add the Exchange Server computer account to Exchange Domain Servers group.

  8. Restart the Exchange Server computer.

You should also examine the local Exchange Domain Servers group within the domain to make sure that your new computer account is a member. The System Attendant will try to add the computer account to this group when it starts; however, if this process is unsuccessful, you will have to add the account manually by using the Active Directory Users and Computers snap-in.

For More Information

For more information, see the Microsoft Knowledge Base article 297295, "The computer account for Exchange Server is absent."

For more information about working with ADSI Edit, see the topic "Adsiedit.msc: ADSI Edit" in the Windows Server Help.