Forum Discussion
- ZeRoC00LLevel 6
Normally the EV service account should NOT be a domain admin, see this technote:
http://www.symantec.com/business/support/index?page=content&id=HOWTO28135
Are you connecting to the EV resources with the EV service account, or with the BE service account ?
If you use the BE service account, add the following permissions in EV:
Extract of Steps:
1) In the EV Admin console, right click on Directory on the EV server and select 'Authorization Manager...'
2) Expand 'Definitions' then right click on 'Role Definitions' and select 'New Role Definition'
3) Give the definition a name like 'Backup Role' or something else descriptive for the Backup role.
4) Click 'Add' to add tasks, click the 'Tasks' tab, and add both 'EVT manage Index Location Backup Mode' and 'EVT Manage Vault Store Backup Mode'.
5) Click OK
6) Right click on Role Assignments and select 'Assign Roles...' Locate the Role Definition you just created and check it.
7) Click OK
8) Right click on the Role Assignment you created and select 'Assign Windows Users and Groups'
9) Add the Backup Exec ID to the object list and click 'Check Names' to be sure that the name is resolved
10) Click OK
- Striker_303Level 6
Is there any harm, If I add EV service account to domain admin group
(like will it break something in EV)
I just added ev service account as BESA and doamin admin to isolate, which I can revert back.
Actual BE service account already had above rights.
- ZeRoC00LLevel 6
Yes, it can break EV !!
Normally domain admins have explicit deny on all mailboxes, therefore a special EV is required to get permissions to be able to read all mailboxes. - Striker_303Level 6
Thanks Zero cool for the info,
I have created new doamin admin account and add it to BESA in BE
also added same to LSA on media server and EV server's
Backup works fine however Resource credential test still completes with "The device specified is invalid"
Related Content
- 9 months ago
- 3 months ago