[LEGACY] Configuring the Mimecast Synchronization Engine service account for Exchange 2003

Document created by user.oxriBaJeN4 Employee on Sep 14, 2015Last modified by user.oxriBaJeN4 Employee on Dec 2, 2015
Version 3Show Document
  • View in full screen mode

Applies to: version 2.9.1 and earlier.

This article describes the requirements and steps required to configure a the Mimecast Synchronization service account for Exchange 2003 environments.


Exchange Permissions


For Exchange 2003 the user that is selected to run the Mimecast Synchronization Engine service needs to be mailbox enabled and have the Send As, Receive As, and Full Mailbox Access permissions on all Exchange mailboxes.


Assuming that all child objects inherit permissions from parent objects in Active Directory (this is the default setting) these permissions can be set at either the Virtual Server, Mailbox Store, or individual mailbox level.


Applying the permission as high up the Exchange hierarchy tree as possible will simplify the administrative overhead when configuring this.


The permissions can be set by following these steps:


  1. Open Exchange System Manager as an Exchange Full Administrator and expand Administrative Groups
  2. Right-Click on the object where the permissions are going to be set, for example the Virtual Server, or Mailbox Store and open the Properties dialog.
  3. Navigate to the Security tab and click Add.
  4. Enter the name of the user account that will run the Mimecast Synchronization Engine service and click OK.
  5. This will automatically apply all of the required permissions.
  6. Finally click OK to apply the new settings.


To set the permission on the Administrative Group level:


The steps listed above can also be applied at the Administrative Group level, however, In order to set the permissions at this level the Windows registry must be edited to enable the security tab in the properties window of the Administrative Group. This is done by:


  1. Open the Registry Editor on the Exchange server.
  2. Navigate to the HKEY_CURRENT_USER\Software\MicrosoftExchange\EXAdmin registry key.
  3. Right-click EXAdmin, and click New | DWORD Value.
  4. Set the New Value #1 to ShowSecurityPage. Press Enter.
  5. Double-click ShowSecurityPage.
  6. In the Edit DWORD Value dialog box, enter 1 in the Value Data box, and then click OK.
  7. Close the Registry Editor on the Exchange server.


Setting the Service Account

Once the Mimecast Synchronization Engine is installed the service account should be set using the Site Configure utility. To do this follow these steps:

  1. Open the Site Configure Utility from Start | Programs | Mimecast Synchronization Engine
  2. Navigate to the Accounts Tab.
  3. Use the button to the left of the User Name text box to launch a Windows account picker dialog box.
  4. Type the name of the user account to set as the service account and click OK.
  5. Type the password for the user account.
  6. The utility will automatically detect the primary SMTP address of the user and populate this in the SMTP address text box of the Microsoft Mailbox section.

    Do not edit the auto-populated address or add a password here. Doing so will change the way that the Mimecast Synchronization Engine connects to Exchange and can cause avoidable mailbox access issues down the line.

  7. Finally leave the Directory | Type to the default Microsoft Active Directory and click Apply.


Next Steps


With the service account configured you are now ready to bind your Mimecast Synchronization Engine site to Mimecast. To learn more about this please see [LEGACY] Binding the Mimecast Synchronization Engine.