cancel
Showing results for 
Search instead for 
Did you mean: 

EVService Account Permissions

wilsond3010
Level 6
Partner

We are having a problem with the EVService Account and what level of Active Directory Permissions it needs

 

When removed from the Domain Admin group it stop's all journalling and mail archiving

 

even though it's got full permissions within the exchange system itself

 

is it because it's not a local admin on the exchange server as well

 

5 REPLIES 5

JesusWept3
Level 6
Partner Accredited Certified

could you post a dtrace of the JournalTask or ArchiveTask, its possible its a Global Catalog issue?

https://www.linkedin.com/in/alex-allen-turl-07370146

wilsond3010
Level 6
Partner

unfortunately no we got the Domain Admin permission re-added to the account.

But keep pushing to have us remove it from they service account

Rob_Wilcox1
Level 6
Partner

Take a look at the Install and Config Guide.  Search for Additional Requirements for Exchange Server Archiving.

 

The VSA does not need Domain Admin group membership.

 

It would also be helpful to know :-

 

* EV version and Service Pack

* Targetting which version(s) and service pack(s) of Exchange Server

Working for cloudficient.com

AndresMunoz
Level 5
Partner Accredited

Additionally, it must be an Exchange Administrator. From memory since EXCH 2003SP2 local administrator and domain admins had a explicit deny right applied (by default), which might have been changed in your organization.

If you are using Exchange 2007/2010, then you need to assign Exchange Server permissions for the Vault Service Account. See the following technote

http://www.symantec.com/business/support/index?page=content&id=TECH138606

Hope this helps

AndresMunoz
Level 5
Partner Accredited

And no, it should not be a domain admin. EV Best practice is not to make this account a domain admin.