Prerequisite 3: Create the Service Account
Note: If you are installing FolderMatic with Exchange 2007, skip this section and read the entirety of the section Appendix A: Exchange 2007 Permissions Setup, then continue with the section Prerequisite 4: Make the Service Account a Local Administrator.

A possible name for the Service Account is something like zAdd2Exchange. However, we suggest creating some other name and a strong password to enhance your system's security.

Make a new user account to use as the Service Account. This account will serve as the logon for all FolderMatic administrative tasks.
When you create the account, make sure the mailbox Display Name is the SAME NAME as the account name. A good way to make this happen automatically is to use ONLY the First Name field when creating the Service Account in Active Directory. (This is a Service Account, so the middle and last name are not necessary.)

IMPORTANT: The Service Account also CANNOT have a blank Display Name. A blank Display Name effectively hides the account from the Global Address List.

Having the Display Name and the username the same is critical for backward compatibility of servers migrated from Exchange 5.5, so if this applies to your organization, please pay particular attention to this. (Exchange 5.5 is no longer supported by Add2Exchange, but more recent versions of Exchange may still have mailboxes migrated from 5.5 systems.)

Tip: Since the Service Account CANNOT be hidden from the Global Address Book, it is wise to name it something beginning with a "z". This way the name goes to the bottom of the Global Address List and does not confuse your users. The Service Account mailbox is not used by Add2Exchange; the account simply needs Exchange access, which requires an active mailbox.
Give the Service Account the necessary (and only the necessary) security group memberships.
Once added, select the Service Account, go to the Properties of the user, and select the tab Member Of (in 2000 and 2003). Add the following Group Memberships:
Add ONLY the memberships shown unless special circumstances apply. You do not need to add the account to the Terminal Services or Remote Desktop group because the Administrators group usually already has this access. Do not add any unnecessary memberships such as Domain Administrators, Exchange Domain Servers, or Enterprise Administrators. Adding these memberships removes the mailbox permissions necessary for the Service Account to perform synchronization.
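
The rules above (Display Name equal to the account name and never blank, account not hidden from the Global Address List, none of the unnecessary memberships) can be checked with a short script. This is an added example, not part of the FolderMatic or Add2Exchange documentation or tooling; the function name Test-ServiceAccountRecord, the sample account names and the sample records are assumptions made up for illustration.

```powershell
# Added example: audit a Service Account record against the rules on this page.
# Test-ServiceAccountRecord is a hypothetical helper, not a FolderMatic cmdlet.
function Test-ServiceAccountRecord {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [string]   $DisplayName = '',
        [string[]] $Groups = @(),
        [bool]     $HiddenFromAddressLists = $false
    )
    # Memberships the page says not to add. The page's wording is listed next to
    # the built-in Active Directory names "Domain Admins" and "Enterprise Admins".
    $forbidden = 'Domain Administrators', 'Domain Admins',
                 'Enterprise Administrators', 'Enterprise Admins',
                 'Exchange Domain Servers'
    $findings = @()
    if ([string]::IsNullOrWhiteSpace($DisplayName)) {
        $findings += 'Display Name is blank'
    } elseif ($DisplayName -ne $SamAccountName) {
        $findings += "Display Name '$DisplayName' differs from account name '$SamAccountName'"
    }
    if ($HiddenFromAddressLists) {
        $findings += 'Account is hidden from the Global Address List'
    }
    foreach ($g in $Groups) {
        # -contains compares case-insensitively
        if ($forbidden -contains $g) { $findings += "Unnecessary membership: $g" }
    }
    $findings   # emits nothing when the record passes every check
}

# Constructed sample records (not real accounts). In a live domain the same fields
# come from the ActiveDirectory module:
#   Get-ADUser <name> -Properties DisplayName, msExchHideFromAddressLists
#   Get-ADPrincipalGroupMembership <name>
$samples = @(
    @{ SamAccountName = 'zSyncSvc'; DisplayName = 'zSyncSvc'; Groups = @('Domain Users') },
    @{ SamAccountName = 'zSyncSvc2'; DisplayName = 'Sync Service'
       Groups = @('Domain Users', 'Domain Admins') },
    @{ SamAccountName = 'zSyncSvc3'; DisplayName = ''; Groups = @('Enterprise Admins')
       HiddenFromAddressLists = $true }
)
foreach ($s in $samples) {
    $result = @(Test-ServiceAccountRecord @s)   # @() keeps an empty result as an array
    $status = if ($result.Count -gt 0) { $result -join '; ' } else { 'OK' }
    '{0}: {1}' -f $s.SamAccountName, $status
}
```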