Configure admin rights to access Exchange 2003 mailbox

I have a Windows NT 4.0 server with Exchange 5.5 and a new Windows Small Business Server (SBS) 2003 with Exchange Server 2003. I can successfully export the NT4 users to SBS's Active Directory using the instructions in the SBS_MigratingSBS45.doc. But when I get to the Exchange Migration Wizard, no matter what I do, I can't get past the screen with the server name, user and password. The error I get is: "Unable to log onto the server. Please verify server name, port, account name and password."

These details are definitely correct; I used them to do the Active Directory export. What am I missing?

    Requires Free Membership to View

    Login

By default in Exchange 2003, the administrative account does not have the necessary permissions to log into an Exchange mailbox. In order for a service account to have the necessary rights to log into an Exchange mailbox, you will most likely need to confirm that you have 'Send As' and 'Receive As' rights.

You can expose the security page on Exchange Server through the registry modification called ShowSecurityPage as shown in Figure A.


Figure A: Exchange's Registry Editor displays the registry modification called ShowSecurityPage.
(Click on image for enlarged view.)

Once you add this under HKEY_CURRENT_USERSoftwareMicrosoftExchangeExadmin and then right-click on Properties in Exchange System Manager (ESM), you will see the screen shown in Figure B.


Figure B: Permissions for administrator rights can be found in ESM under Properties -> Security.
(Click on image for enlarged view.)

In Figure B, note that I do not have Deny ticked on the 'Send As' and 'Receive As' permissions for the administrative account.

Double check that your service account is a member of a group that has more restrictive rights as it relates to 'Send As' and 'Receive As' rights.

You'll also want to confirm that you typed in the appropriate port as well: port 389 or 390, depending on the implementation of the Active Directory Connector (ADC). You can use a Windows Support utility called LDP.EXE to attempt to connect to the target organization to see if you are getting similar errors.

Do you have comments on this Ask the Expert Q&A? Let us know.

Related information from SearchExchange.com:

  • Tip: Regain service-account access to user mailboxes
  • Tip: Logging into Exchange with NT vs. AD accounts in mixed mode
  • Reference Center: Exchange deployment and migration advice
  • Reference Center: Microsoft Exchange Server permissions

    • This was first published in September 2007

    Join the conversationComment

    Share
    Comments

      Results

      Contribute to the conversation

      All fields are required. Comments will appear at the bottom of the article.
      Back to top