ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
CA Identity Manager: Why do Microsoft Exchange service accounts require Administrative privileges on all mailbox servers
Article ID: 77520
Updated On:
Products
CA Identity Manager
CA Identity Governance
CA Identity Portal
Issue/Introduction
Why does the service account that connects Identity Manager to an AD/Exchange endpoint in agentless mode need to have local administrator privileges on all mailbox servers?
Environment
Release:
Component: IDMGR
Component: IDMGR
Resolution
The AD/Exchange connector uses the Windows Remote Management Tools to manage objects on the endpoint. These tools require administrative rights as part of their permissions. Without the rights, the service account cannot use WinRMT and therefore cannot manage the mailboxes.
Feedback
Yes
No
Powered by
