02-17-2011 08:27 AM
We are having a problem with the EVService Account and what level of Active Directory Permissions it needs
When removed from the Domain Admin group it stop's all journalling and mail archiving
even though it's got full permissions within the exchange system itself
is it because it's not a local admin on the exchange server as well
02-17-2011 08:36 AM
could you post a dtrace of the JournalTask or ArchiveTask, its possible its a Global Catalog issue?
02-17-2011 08:47 AM
unfortunately no we got the Domain Admin permission re-added to the account.
But keep pushing to have us remove it from they service account
02-17-2011 09:30 AM
Take a look at the Install and Config Guide. Search for Additional Requirements for Exchange Server Archiving.
The VSA does not need Domain Admin group membership.
It would also be helpful to know :-
* EV version and Service Pack
* Targetting which version(s) and service pack(s) of Exchange Server
02-17-2011 02:33 PM
Additionally, it must be an Exchange Administrator. From memory since EXCH 2003SP2 local administrator and domain admins had a explicit deny right applied (by default), which might have been changed in your organization.
If you are using Exchange 2007/2010, then you need to assign Exchange Server permissions for the Vault Service Account. See the following technote
http://www.symantec.com/business/support/index?page=content&id=TECH138606
Hope this helps
02-17-2011 02:35 PM
And no, it should not be a domain admin. EV Best practice is not to make this account a domain admin.