These are some of the things you need to ensure when configuring the Exchange Agent
The account needed for backup of Exchange Brick level and Information store should be configured as follows:
Sample Account name : Dbagent
Check List:
O/s Security:
Dbagent:
1. Should be a domain account with a mailbox on the Exchange server you are trying to backup.
2.Should be a member of Administrators, Backup Operators and Domain Admins,primary group should be set as domain admins.
Note: If it is a part of domain users, remove domain users from the "member of " list. Else the domain lockout problem you faced before might reoccur .
Refer Microsoft Q article on this - Q276590
If ADS is running on the Exchange Server should be given the following rights
Administrative Tools - DOMAIN CONTROLLER SECURITY POLICY
************************************************************
Make sure that you are changing / setting rights in the local security policy and should not be done in Domain Security Policy or Domain Controller Security Policy other wise the domain lockout problem as you faced will reoccur. Refer Microsoft
Q article on this - Q276590
************************************************************
- Policies - User Rights Assignments
a.Logon locally,
b.Logon as a service,
c.act as part of the operating system rights should be
assigned to the domain\dbagent account.
If the Exchange server is a member server, then the domain\dbagent account should be added as a member to the following local groups on the Exchange server
a. Administrators
b. Power Users
Exchange permissions
1. Open Exchange System Manager - Right Click on the organization-Delegate Control -
Assign Exchange Admin or Exchange Full Admin role to the dbagent account.
2.Open Outlook and create a profile and open the mailbox of the account "dbagent" and
create and send a mail out and also receive a mail to initialize the mailbox.
( Note: Outlook need not be local to the Exchange server)
3. Mailbox should not be hidden from the Global address list.
4. First three characters should unique.
Note: If you open Outlook and create a new mail message and in the To: field type the first 3 characters "dba" and press CTRL +K, it should resolve the name automatically and should not give you a list.
(Note: If the Agent is update with Sp4- you can use Exchuser.exe(found in the dbaxchg folder) to create this user. This will create a log named, DBAEXCUserSummary.log))
Run the Backup Agent for Exchange configuration and provide the information and select Name Pipe as the protocol and run the agent configuration.
On the Exchange server, try logging in to the domain using the "dbagent" account.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.