0 votes

Hi,

is there any guide what to do if the service account is not a domain admin?
Especially what rights does the account need for the Exchange connection?

The event log is full of errors that the account cannot read several things via LDAP (Permission denied).
And what is need for the Exchange servers (WinRM?).

Thanks!

by (200 points)

1 Answer

0 votes
by (216k points)
edited by
Best answer

is there any guide what to do if the service account is not a domain admin?

All operations in a managed domain are performed using the credentials of the account that was specified during the domain registration in Adaxes (domain service account). When you install Adaxes, the domain of the Adaxes service account is automatically registered using the credentials of this account. As long as the account does not have required permissions, you get the error messages. To remedy the issue, you need to specify a domain service account that has appropriate permissions in the domain. For details, see https://www.adaxes.com/help/?HowDoI.Man ... nInfo.html.

what rights does the account need for the Exchange connection?

The account that was used for registering your domain in Adaxes must be assigned to an appropriate role group in Exchange. We recommend assigning the service account to the Organization Management role group. It provides administrative access to an entire Exchange organization and can perform almost any task.

If, for some reason, you do not want to provide the account administrative access to your Exchange organization, you need to assign the account to the following role groups in Exchange:

For more details, see Understanding Management Roles.

0

Thank you very much!
I'll try that and report back.

Related questions

0 votes
1 answer

I upgraded to the latest Adaxes version about a month ago. Previously, I had my Domain Admin account as the service user, for the Softerra Adaxes service, and ... , but specified the different service account to run the Softerra Adaxes Service with.

asked Nov 26, 2019 by rurbaniak (1.4k points)
0 votes
1 answer

Hi team, we have two accounts for Adaxes in our AD Service account (running services) named "service-adaxes" Service Domain account (to connect to AD) named "service-adaxesdomain" ... script? Or do I need to grant permissions to "service-adaxes" to manage AD?

asked Jul 30 by wintec01 (1.5k points)
0 votes
1 answer

So not sure how it happened but the Adaxes web interface is connected to my domain admin account. When I tried to change it everything went down. Were are all the locations this password is store on the server? Thanks

asked Jan 20, 2015 by 7efd721c8b (420 points)
0 votes
1 answer

Hello, We have recently begun setting up Adaxes and are trying to exercise least privilege on both of the accounts we have created to manage the service. ... account is also given the appropriate Security Role within the Adaxes administrative console.

asked Sep 12, 2023 by just.kon (20 points)
0 votes
1 answer

Hi We have a couple of scheduled tasks set up to remove accounts which have been disabled for a perios of time. This works fine for normal user accounts, but we ... and former domain admin accounts? We're running the latest version of Adaxes Thanks Matt

asked Oct 26, 2022 by chappers77 (2.0k points)
3,550 questions
3,241 answers
8,235 comments
547,827 users