Connector Guides › Connectors Guide › Connecting to Endpoints › Microsoft Exchange Connector › Privileges Required to Connect to the Exchange Endpoint

Privileges Required to Connect to the Exchange Endpoint

If you set up agentless mode, there are different required privileges for Exchange 2007 and Exchange 2010 service accounts (and they work differently).

Agentless mode for Exchange 2007

The service uses a domain service account as its logon account, which must have sufficient privileges to manage Exchange Server. Ensure that this account has at least the following roles:

• The Exchange Recipient Administrator role
• The Exchange Server Administrator role on all the mailbox servers
• The Local Administrators group on all the mailbox servers and the CCS machine.

Agentless mode for Exchange 2010

The administrative account that you use to acquire the Active Directory endpoint is also used to manage both Active Directory and Exchange Server.

This account must have sufficient privileges in Active Directory and for managing exchange mailboxes, mail contacts. This account must have the same privileges as the service account that is used for the remote agent.

Connect to Exchange 2010 (Agentless)

The following diagram shows the tasks that are required to connect to the endpoint, and who does each task. It shows the process for connecting to Exchange 2010 without an agent on the endpoint.

1. The Exchange administrator configures the endpoints.
2. The connector server administrator does the following steps:
   1. Configure the CCS computer.
   2. Test the connection to Exchange 2010.
3. The administrator of each CA product connects to the Active Exchange 2010 endpoint by updating the existing connection to Active Directory.