Previous Topic: Log On Account ConditionsNext Topic: About Clusters

Protecting Microsoft Exchange Server EnvironmentsCreate an Exchange Server Domain User Account

Create an Exchange Server Domain User Account

To avoid Exchange Server auto-configuration problems, make sure you are using a domain admin account. Operations fail if the local system account is used. If you cannot permit use of the Domain Admin account, use this procedure.

Note: The Network Traffic Redirection method you choose also requires permission in order to complete the redirection process. Exchange Server scenarios typically use DNS or Move IP Address redirection methods.

  1. Create a Domain User account. This account will be used as a service account for Arcserve RHA. Set the password to Never Expire. If your policy is to periodically change passwords, do so manually to avoid breaking scenarios when passwords expire.
  2. Assign the Arcserve RHA Engine service account to the Local Administrators Group on both the Master and Replica servers. If you do not grant the Engine service account Local Administrator privileges, you must grant the Engine service account Full Access to each directory containing data to be replicated on both the Master and Replica servers.
  3. Assign the newly created service account to the Arcserve RHA Engine service on the Master and Replica servers.
    1. Click Start, Settings, Control Panel, Administrative Tools, LocalSecurityPolicy.
    2. Open Local Policies.
    3. Select User Rights Management.
    4. Find Log on as a Service.
    5. Right-click Log on as a Service and go to Properties.
    6. Confirm the Engine service account is listed. To add it, click Add User or Group.
    7. In the Select Users or Groups field, make the From This Location is set to the Domain and add the Engine service account.
    8. Click OK to close the Add User or Group dialog.
    9. Click OK to close the Log On as a Service Property dialog.
    10. Repeat this procedure on all servers involved in the scenario.
  4. Grant the Engine Service Exchange Full Administrator privileges.
    1. Open Exchange System Manager and select the Exchange Domain.
    2. Choose Action, Delegate Control.
    3. In the Exchange Administration Delegation wizard, click Next.
    4. Click Add.
    5. Click Browse.
    6. Change the location to be the Domain.
    7. Enter the name of the Engine service account.
    8. Click OK to add the account.
    9. Click OK in the Delegate Control Box.
    10. Click Next to finish the Exchange Administration Delegation wizard.
  5. Assign the Engine service account the appropriate permissions to the Engine service account User Object.
    1. Open ADSI Edit.
    2. Connect to the domain.
    3. Open the OU containing the User Objects. By default, this is CN=Users.
    4. Find the Engine service account object. CN=Arcserve RHA Engine service account
    5. Right-click the object and select Properties.
    6. Click Security tab.
    7. Click Add.
    8. Add the Engine service account.
    9. Set Permissions to Full Control.
  6. Assign full permission to the A or Host record of the Master server record in DNS zone.
    1. Right-click the Master's A record and click Properties.
    2. Click Security.
    3. Choose Full Control rights for the Arcserve RHA service account.