[LEGACY] Configuring the Mimecast Synchronization Engine service account for Exchange 2007

Document created by user.oxriBaJeN4 Employee on Sep 14, 2015. Last modified by user.oxriBaJeN4 Employee on Dec 2, 2015.
Version 3

Applies to: version 2.9.1 and earlier.

This article describes the requirements and steps for configuring the Mimecast Synchronization Engine service account in Exchange 2007 environments.

 

Exchange Permissions

 

For Exchange 2007 the user that is selected to run the Mimecast Synchronization Engine service needs to be mailbox enabled and have the following permissions:

 

  • The Exchange Web Services Impersonation permission over the Client Access Server(s) in the Exchange Organization.
  • The May Impersonate Extended Active Directory Right for all mailbox databases.

 

These permissions can be configured by following these steps.

To configure the Exchange Web Services Impersonation permission on all Client Access servers in the Organization:

 

  1. Open an Exchange Management Shell as an Exchange Organization Administrator
  2. Run this command:
    Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | ForEach-Object {Add-ADPermission -Identity $_.distinguishedname -User (Get-User -Identity User1 | select-object).identity -extendedRight ms-Exch-EPI-Impersonation}
    Where User1 is the user account selected to run the Mimecast Synchronization Engine service.

    This applies the permission to your existing Client Access Servers only. If you add new Client Access Servers, you will need to re-run this command to apply the permission to the newly added server.

To configure the May Impersonate Extended Active Directory Right on all Mailbox databases:

 

  1. Open an Exchange Management Shell as an Exchange Organization Administrator
  2. Run this command:
    Get-MailboxDatabase | ForEach-Object {Add-ADPermission -Identity $_.DistinguishedName -User User1 -ExtendedRights ms-Exch-EPI-May-Impersonate}
    Where User1 is the user account selected to run the Mimecast Synchronization Engine service.

    This applies the permission to your existing mailbox databases only. If you add new mailbox databases, you will need to re-run this command to apply the permission to the newly added database.
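
Because both grants cover only the objects that existed when the commands were run, and because impersonation rights give access to every mailbox they cover, it is worth auditing them afterwards. The script below is an added example, not part of the original Mimecast article; it assumes the service account is named User1 as in the commands above, and the function and variable names are hypothetical.

```powershell
# Added example: audit the two impersonation rights granted above.
# Run in the Exchange Management Shell. Written to work on PowerShell 1.0.
# Assumption: User1 is the service account name used in the commands above.
$serviceAccount = 'User1'

function Get-ImpersonationAudit($targets, $right) {
    foreach ($t in @($targets)) {
        # Allow ACEs for this right that name the service account directly
        $own = @(Get-ADPermission -Identity $t.DistinguishedName -User $serviceAccount |
            Where-Object { ($_.ExtendedRights -like $right) -and (-not $_.Deny) })

        # Every principal holding an allow ACE for this right (least-privilege review)
        $all = @(Get-ADPermission -Identity $t.DistinguishedName |
            Where-Object { ($_.ExtendedRights -like $right) -and (-not $_.Deny) })

        $row = "" | Select-Object Target, Right, ServiceAccountGranted, Holders
        $row.Target = $t.Name
        $row.Right = $right
        $row.ServiceAccountGranted = ($own.Count -gt 0)
        $row.Holders = [string]::Join('; ', @($all | ForEach-Object { $_.User.ToString() }))
        $row
    }
}

$cas = Get-ExchangeServer | Where-Object { $_.IsClientAccessServer -eq $true }
$dbs = Get-MailboxDatabase

$report = @(Get-ImpersonationAudit $cas 'ms-Exch-EPI-Impersonation') +
          @(Get-ImpersonationAudit $dbs 'ms-Exch-EPI-May-Impersonate')

# Servers or databases added since the grant was last run appear here
$report | Where-Object { -not $_.ServiceAccountGranted } |
    Format-Table Target, Right -AutoSize

# Full list, including any other principals that hold either right
$report | Format-Table -AutoSize -Wrap
```

The check looks only at access control entries that name the account directly, so a right obtained through group membership is not attributed to User1, although the group still appears in the Holders column.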

Setting the Service Account

Once the Mimecast Synchronization Engine is installed, the service account should be set using the Site Configure utility. To do this, follow these steps:

  1. Open the Site Configure Utility from Start | Programs | Mimecast Synchronization Engine
  2. Navigate to the Accounts Tab.
  3. Use the button to the left of the User Name text box to launch a Windows account picker dialog box.
  4. Type the name of the user account to set as the service account and click OK.
  5. Type the password for the user account.
  6. The utility will automatically detect the primary SMTP address of the user and populate this in the SMTP address text box of the Microsoft Mailbox section.

    Do not edit the auto-populated address or add a password here. Doing so will change the way that the Mimecast Synchronization Engine connects to Exchange and can cause avoidable mailbox access issues down the line.

  7. Finally, leave Directory | Type set to the default, Microsoft Active Directory, and click Apply.

 

Next Steps

 

With the service account configured you are now ready to bind your Mimecast Synchronization Engine site to Mimecast. To learn more about this please see [LEGACY] Binding the Mimecast Synchronization Engine.
