Problem
Granting the Enterprise Vault (EV) Vault Service Account (VSA) the correct permissions for Microsoft Exchange 2007 - 2019.
Solution
When deploying Enterprise Vault to archive from an Exchange server, a prerequisite is to grant the Vault Service Account the proper rights to Exchange. To grant these rights, you can use either the Exchange System Manager or the Exchange Management Shell (PowerShell). For details on permissions assigned by the script please refer to the Documentation.
The PowerShell method can only be used if the Exchange Organization is at least Exchange 2007 (i.e. a mixed environment where Exchange 2003 servers coexist with Exchange 2007) and the scripts are run from an Exchange 2007/2010 console and remotely executed against the Exchange 2003 server.
If the Exchange environment contains Exchange 2003 servers within an Exchange 2007/2010 organization, the PowerShell scripts can be used.
To assign Exchange Server permissions to the Vault Service account using PowerShell:
-
Log in to the Exchange Server using an account that is assigned the following management roles:
Active Directory Permissions
Exchange Servers
Organization Configuration
By default, members of the Organization Management role group are assigned these roles.
Copy the script called SetEVExchangePermissions.ps1 from the \Veritas Enterprise Vault\PowerShell Scripts folder on the Enterprise Vault media to the Exchange Server.
The Exchange PowerShell scripts are also in the PowerShellScripts sub folder of the Enterprise Vault installation folder (for example C:\Program Files (x86)\Enterprise Vault ).
On the Exchange Server, open the Exchange Management Shell. Note that this must be the Exchange Management Shell as the Windows Management Shell will not work properly to execute the script.
Run SetEVExchangePermissions.ps1.
The syntax for this script is:
.\SetEVExchangePermissions.ps1 -User domain\user_name [-Server exchange_server] [-Action ] [-Level ] [-Verbose ]The parameters are as follows:
User (required) domain\user_name is the Vault Service account and the domain that it belongs to. If user_name contains spaces, enclose the whole domain\user_name string in quotation marks. -Server exchange_server is the name of the Exchange Server. The default is the Exchange Server on which the script is running. -Action Add permissions ( Add ) or remove them ( Remove ). The default value is Add . -Level Apply permissions that are required by the mailbox and provisioning task ( All ), or apply read-only permissions that are required by the provisioning task ( Provisioning ). The default value is All .
This parameter is ignored if the Action parameter is set to Remove .-Verbose Show all script output ( $True ) or minimal information ( $False ). The default value is $False . If you want to force these changes to take effect immediately, restart the Microsoft Exchange Information Store service on each Exchange mailbox server.
If the Exchange environment contains only Exchange 2003 and/or Exchange 2000 the PowerShell scripts cannot be used. Follow the steps below for Exchange 2003/2000 environments:
Start the Microsoft Exchange System Manager.
Expand the Servers container.
Right-click your Exchange Server and, on the shortcut menu, click Properties .
Click the Security tab.
Click Add .
Double-click the Vault Service account to add it to the list.
Click OK to go back to the Security tab. The Vault Service account has been added to the Name list.
In the Name list, click the Vault Service account.
In the Permissions list, make sure that all check boxes in the Allow column are selected. Select any check boxes that are not already selected.
Click OK .
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.