Using an Existing Account
If you do decide to use an existing account, we recommend that you:
- Change the password for the existing account.
- Set the password to never expire.
Using a New Account
If you are using a new account, do the following:
Using the tool appropriate for your platform, create a new account to run Microsoft Outlook to InterAction Sync. Specify that the account’s password never expires and that the user cannot change the password.
This account is granted access to all Exchange mailboxes in your Exchange organization. Be cautious with the password for this user.
- Once you have the Windows account set up properly, grant permissions to the Exchange Message Store. You can select to grant this account permission to the entire Exchange organization (if you are harvesting data for all employees) or just to specific users’ mailboxes.
Using the Exchange 2007/2010 Management Shell to Create a New Super User Account
- Open the Exchange Management Shell.
Execute the following command to be prompted for a Super User password.
$password = Read-Host "Enter password" -AsSecureString- Set the Super User password after receiving the “Enter password” prompt.
Enter the following command (replacing the text in <> with your Super User information) to create the Super User mailbox account.
New-mailbox -UserPrincipalName <String> -alias <String> -database "<DatabaseIdParameter>" -Name <String> -OrganizationalUnit <OrganizationalUnitIdParameter> -password <SecureString> -FirstName <String> -LastName <String> -DisplayName "<String>" - ResetPasswordOnNextLogon $falseSet the Super User account permission on an individual Mailbox database:
Get-MailboxDatabase -identity "ServerName\First Storage Group\Mailbox Database" | Add-ADPermission -user "DomainName\UserName" -ExtendedRights Receive-As, Send-AsVerify the rights for the super user on the mail database by entering the following command (replacing the text in <> with your super user information):
Get-MailboxDatabase | get-adpermission -user "<String>"
Example: Sample Command for Creating a Super User Mailbox Account
New-mailbox -UserPrincipalName iasync@ia2007.fakewebsite.com -alias iasync -database "Mailbox
Database" -Name IASYNC -OrganizationalUnit Users -password $password -FirstName InterAction -
LastName ExchangeSync -DisplayName "InterAction Exchange Sync" -ResetPasswordOnNextLogon $falseExample: Sample Command for Setting the Super User Account Permission on an Individual Mailbox Database
Get-MailboxDatabase -identity "Chicago\First Storage Group\Exchange Mailbox Database" | Add-
ADPermission -user "legal\emroberts" -ExtendedRights Receive-As, Send-AsExample: Sample Command for Verifying the Rights for the Super User on the Mail Database
Get-MailboxDatabase | get-adpermission -user "iasync"Note: What are the Minimum Required Settings for the Super User Account?
For security reasons, many organizations want to assign only the minimum security settings that are required for the Super User account. The Super User account only requires the Receive As, Send As and Create named properties in the information store security permissions on the server object or any administrative mailbox grouping in the Microsoft Exchange System Manager. These settings are sufficient for the Outlook to InterAction Synchronization process.
- In the Microsoft Exchange System Manager, right-click the server name or mailbox storage group and then choose Properties.
- Choose the Security tab.
- Choose Add to add a new account for the super user.
- Enter the account information and then choose OK.
In the Permissions area of the Properties dialog box, scroll down until you reach the Create named properties in the information store, Receive As, and Send As permissions. For each of these permissions, place a check mark in the Allow check box.
- Choose OK to close the Properties dialog box.