Rights Required for Online Database & Mailbox Access

Before connecting to a production online Exchange server, you must create and then grant specific rights to the DSAdministrators group.  The specific rights required will differ depending upon the version of Exchange Server to which you are connecting.

NOTE: For Office 365 | Exchange Online please see Creating an Office 365 Global Admin Account

DigiScope® now includes the DigiScope Administrator Account Setup Tool which will automatically set up the DSAdministrators group and DSAdmin service account.  The DigiScope Administrator Account Setup Tool can be found in the Utilities folder in the directory DigiScope® where was installed, usually "C:\Program Files\Lucid8\DigiScope\Utilities".  The DigiScope Administrator Account Setup Tool will need to be copied to each production online Exchange server you wish to connect to.  For more information, continue to the DigiScope Administrator Account Setup Tool page.

Alternatively, you may follow the instructions below to manually set up the DSAdministrators group and DSAdmin service account.

Create the DSAdmin Service Account

ATTENTION: DSAdmin Username Change
Previous versions DigiScope utilized an account just named "DSAdmin".  To better support the different permissions requirements of different versions of Exchange, we have changed the recommended account name to be Exchange-version specific, as in "DSAdmin2013", "DSAdmin2010", "DSAdmin2007", etc.

When following these updated instructions, please substitute your matching Exchange version number wherever it says "DSAdmin{ExchangeVersion}".  (For example, on Exchange 2010, use "DSAdmin2010".)

Create an account named "DSAdmin{ExchangeVersion}" which will be the default and recommended Service Account used to operate DigiScope® so that:

Create the DSAdministrators Group
Granting Online Database & Mailbox Access Rights

Select the appropriate link below to view detailed instructions on granting the required rights for your version of Microsoft Exchange.

ATTENTION: For customers with Small Business Server or Exchange installed on a domain controller, this additional step is REQUIRED.

Adding the DSAdministrators group to the Builtin Administrators Group

Since a domain controller has no Local Administrators group, to grant local administrator rights on a domain controller or Small Business Server, we must add the DSAdministrators group to the Builtin\Administrators group in Active Directory. To do so you must:

  1. Log onto the Exchange server or Small Business Server as a Domain Admin.

  2. Open Active Directory Users and Computers.

  3. Add the DSAdministrators group to the Builtin\Administrators group in Active Directory.

SBS_Admin.png

Additional Guidelines

For the best results, consider the following when working with any production online Exchange server database / mailbox.

Do not have Outlook open during DigiScope® operations.

NOTE: Microsoft does not completely support concurrent MAPI sessions between Microsoft Outlook and other products running on the same machine with the same user session. While both products may be installed on the same machine without issue, we highly recommend that you DO NOT attempt running DigiScope® and Outlook at the same time on the same user session.

Microsoft MAPI provider will prompt for credentials when attempting to connect / restore to a server with insufficient rights

Continue to DigiScope Administrator Account Setup Tool