CA Identity Manager: Why do Microsoft Exchange service accounts require Administrative privileges on all mailbox servers?

Article ID: 77520

Updated On:

Products

CA Identity Manager, CA Identity Governance, CA Identity Portal

Issue/Introduction



Why does the service account that connects Identity Manager to an AD/Exchange endpoint in agentless mode need to have local administrator privileges on all mailbox servers?

Environment

Release:
Component: IDMGR

Resolution

The AD/Exchange connector uses the Windows Remote Management Tools (WinRMT) to manage objects on the endpoint. These tools require administrative rights. Without those rights, the service account cannot use WinRMT and therefore cannot manage the mailboxes.