Q

Configure admin rights to access Exchange 2003 mailbox

Learn how to configure administrator rights to grant permissions to an Exchange 2003 mailbox after receiving an "unable to log onto the server" error.

I have a Windows NT 4.0 server with Exchange 5.5 and a new Windows Small Business Server (SBS) 2003 with Exchange Server 2003. I can successfully export the NT4 users to SBS's Active Directory using the instructions in the SBS_MigratingSBS45.doc. But when I get to the Exchange Migration Wizard, no matter what I do, I can't get past the screen with the server name, user and password. The error I get is: "Unable to log onto the server. Please verify server name, port, account name and password."

These details are definitely correct; I used them to do the Active Directory export. What am I missing?

By default in Exchange 2003, the administrative account does not have the necessary permissions to log into an Exchange mailbox. In order for a service account to have the necessary rights to log into an Exchange mailbox, you will most likely need to confirm that you have 'Send As' and 'Receive As' rights.

You can expose the security page on Exchange Server through the registry modification called ShowSecurityPage as shown in Figure A.

Img2
Figure A: Exchange's Registry Editor displays the registry modification called ShowSecurityPage.
(Click on image for enlarged view.)

Once you add this under HKEY_CURRENT_USERSoftwareMicrosoftExchangeExadmin and then right-click on Properties in Exchange System Manager (ESM), you will see the screen shown in Figure B.

Img3
Figure B: Permissions for administrator rights can be found in ESM under Properties -> Security.
(Click on image for enlarged view.)

In Figure B, note that I do not have Deny ticked on the 'Send As' and 'Receive As' permissions for the administrative account.

Double check that your service account is a member of a group that has more restrictive rights as it relates to 'Send As' and 'Receive As' rights.

You'll also want to confirm that you typed in the appropriate port as well: port 389 or 390, depending on the implementation of the Active Directory Connector (ADC). You can use a Windows Support utility called LDP.EXE to attempt to connect to the target organization to see if you are getting similar errors.

Do you have comments on this Ask the Expert Q&A? Let us know.

Related information from SearchExchange.com:

  • Tip: Regain service-account access to user mailboxes
  • Tip: Logging into Exchange with NT vs. AD accounts in mixed mode
  • Reference Center: Exchange deployment and migration advice
  • Reference Center: Microsoft Exchange Server permissions
  • This was first published in September 2007

    Dig deeper on Microsoft Exchange Server Permissions

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchWindowsServer

    SearchEnterpriseDesktop

    SearchCloudComputing

    SearchSQLServer

    Close