Service account permissions
An Active DirectoryA technology that provides a variety of network services, including LDAP-like directory services. user account is required to run all GFI OneConnect service processes on the server running the GFI OneConnect components. This user must have a number of special permissions pre-configured on the account.
User requirements:
- User must be a member of the domain in which the GFI OneConnect server is installed.
- User has a Microsoft Exchange mailbox.
- User must be a member of the local administrator group on the GFI OneConnect server, but not a domain administrator. To do this, on the GFI OneConnect server launch the Local Users and Groups applet (Start > Run > lusrmgr.msc) and add the user to Groups > Administrators.
- In Microsoft Exchange 2010 and higher, the user account must also be a member of the
Organization ManagementandRecipient Managementsecurity groups. For more information refer to http://go.gfi.com/?pageid=Exc2010_2016_Admin. - In Microsoft Exchange 2007, the User Account must be a member of the
Exchange Organization Administratorsecurity group. For more information refer to http://go.gfi.com/?pageid=Exc2007_Admin. - The user must be assigned a Microsoft Exchange management scope role that has access to all mailboxes (impersonation rights). For more information on how to create the management scope role, refer to Microsoft Exchange management scope role.