Before connecting to a production online Exchange server, you must create and then grant specific rights to the DSAdministrators group. The specific rights required will differ depending upon the version of Exchange Server to which you are connecting.
WARNING: Running Outlook and DigiScope simultaneously may cause connectivity issues.
NOTE: For Office 365 | Exchange Online please see Creating an Office 365 Global Admin Account
DigiScope now includes the DigiScope Administrator Account Setup Tool which will automatically set up the DSAdministrators group and DSAdmin service account. The DigiScope Administrator Account Setup Tool can be found in the Utilities folder in the directory DigiScope where was installed, usually "C:\Program Files\Lucid8\DigiScope\Utilities". The DigiScope Administrator Account Setup Tool will need to be copied to each production online Exchange server you wish to connect to. For more information, continue to the DigiScope Administrator Account Setup Tool page.
Alternatively, you may follow the instructions below to manually set up the DSAdministrators group and DSAdmin service account.
ATTENTION:
DSAdmin Username Change
Previous versions DigiScope utilized an account just named "DSAdmin". To better support
the different permissions requirements of different versions of Exchange,
we have changed the recommended account name to be Exchange-version specific,
as in "DSAdmin2013",
"DSAdmin2010", "DSAdmin2007", etc.
When following these updated instructions, please substitute your matching
Exchange version number wherever it says "DSAdmin{ExchangeVersion}".
(For example, on Exchange 2010, use "DSAdmin2010".)
Create an account named "DSAdmin{ExchangeVersion}" which will be the default and recommended Service Account used to operate DigiScope so that:
The account is easily identifiable and the account's actions are auditable.
The account can be easily disabled and enabled without affecting other existing accounts.
Other policies and or rights granted or denied to other accounts do not affect the DSAdmin{ExchangeVersion} account since it will strictly inherit its rights from the DSAdministrators group.
Create a group named "DSAdministrators"
Add DSAdmin to the DSAdministrators group.
Add any other desired accounts / users to the DSAdministrators group. However, before doing so, consider the following:
Members of multiple groups will have overlapping layers of security which imposes Least-Privileged User (LPA) restrictions on that account. Therefore, even though the DSAdministrators group will be given explicit rights to have full access to all mailboxes, a member’s LPA may restrict their ability to fully operate DigiScope.
If a member of the DSAdministrators group has issues operating DigiScope, try using the DSAdmin account instead. If the DSAdmin account works without error, then the issue is probably due to LPA on the other account.
Select the appropriate link below to view detailed instructions on granting the required rights for your version of Microsoft Exchange.
Granting Access to Exchange 2003 Production Databases / Mailboxes
Granting Access to Exchange 2007 Production Databases / Mailboxes
Granting Access to Exchange 2010 - 2019 Production Database / Mailboxes
ATTENTION: For customers with Small Business Server or Exchange installed on a domain controller, this additional step is REQUIRED.
Since a domain controller has no Local Administrators group, to grant local administrator rights on a domain controller or Small Business Server, we must add the DSAdministrators group to the Builtin\Administrators group in Active Directory. To do so you must:
Log onto the Exchange server or Small Business Server as a Domain Admin.
Open Active Directory Users and Computers.
Add the DSAdministrators group to the Builtin\Administrators group in Active Directory.
For the best results, consider the following when working with any production online Exchange server database / mailbox.
NOTE: Microsoft does not completely support concurrent MAPI sessions between Microsoft Outlook and other products running on the same machine with the same user session. While both products may be installed on the same machine without issue, we highly recommend that you DO NOT attempt running DigiScope and Outlook at the same time on the same user session.
The symptoms of running both products at the same time under the same user account may manifest repeated requests for security credentials via a Windows dialog, or inability to access one or more mailboxes from each product.
If you must run both products simultaneously we suggest you use the RunAs... command to run one of the programs under a different user account.
Attempting to access a target mailbox where the DigiScope operator / user does not have the required rights will cause the MAPI provider to prompt for the credentials of an authorized operator / user.
Continue to DigiScope Administrator Account Setup Tool