Granting the Enterprise Vault Vault Service Account the correct permissions for Microsoft Exchange


Granting the Enterprise Vault (EV) Vault Service Account (VSA) the correct permissions for Microsoft Exchange


When deploying Enterprise Vault (EV) to archive from an Exchange server, a prerequisite is to grant the Vault Service Account the proper rights to Exchange. There are 2 ways in which this can be achieved. Either using the Exchange System Manager or using the Exchange Management Shell (Powershell).

The Powershell method can only be used if the Exchange Organization is at least Exchange 2007 (i.e. a mixed environment where Exchange 2003 servers coexist with Exchange 2007) and the scripts are run from an Exchange 2007/2010 console and remotely executed against the Exchange 2003 server.

If the Exchange environment contains Exchange 2003 servers within an Exchange 2007/2010 organization, the Powershell scripts can be used.

To assign Exchange Server permissions to the Vault Service account

  1. Log in to the Exchange Server using an account that is assigned the following management roles:

    • Active Directory Permissions

    • Exchange Servers

    • Organization Configuration

    By default, members of the "Organization Management" role group are assigned these roles.

  2. On the Enterprise Vault server, locate the script called SetEVExchangePermissions.ps1 and copy it to the Exchange Server.

    The Exchange PowerShell scripts are in the PowerShellScripts sub folder of the Enterprise Vault installation folder (for example C:\Program Files (x86)\Enterprise Vault).

  3. On the Exchange Server, open the Exchange Management Shell.

  4. Run SetEVExchangePermissions.ps1.

    The syntax for this script is:

    .\SetEVExchangePermissions.ps1 -user domain\user_name


    domain is the Active Directory domain that the Vault Service account belongs to.

    user_name is the Vault Service account. If user_name contains spaces, enclose it in quotation marks.

  5. If you want to force these changes to take effect immediately, restart the Microsoft Exchange Information Store service on each Exchange mailbox server.

If the Exchange environment contains only Exchange 2003 and/or Exchange 2000 the Powershell scripts cannot be used. Follow the steps below for Exchange 2003/2000 environments.

  1. Start the Microsoft Exchange System Manager.

  2. Expand the Servers container.

  3. Right-click your Exchange Server and, on the shortcut menu, click Properties.

  4. Click the Security tab.

  5. Click Add.

  6. Double-click the Vault Service account to add it to the list.

  7. Click OK to go back to the Security tab. The Vault Service account has been added to the Name list.

  8. In the Name list, click the Vault Service account.

  9. In the Permissions list, make sure that all check boxes in the Allow column are selected. Select any check boxes that are not already selected.

  10. Click OK.

Terms of use for this information are found in Legal Notices.



Did this article answer your question or resolve your issue?


Did this article save you the trouble of contacting technical support?


How can we make this article more helpful?

Email Address (Optional)