Exchange Full Administrator

Exchange Full Administrator - 6.Aug.2008 8:32:11 AM   
shrry8

 

Posts: 43
Joined: 10.May2008
Status: offline
I have newly joined a company with a Microsoft environment that has Exchange 2003 deployed. The person who deployed Exchange 2003 is out of my reach, and he used his personal account to perform the deployment. This means there is only one account as the only Exchange Full Administrator.

The account still exists in AD but I don't know its password. I am confused about changing the password, as that may create problems in running the Exchange services. Will it create a problem if I change the password of the Exchange Full Administrator?

The second thing is that if I try to delegate my own ID as Exchange Full Administrator, it shows me these errors:
 
Failed to grant permission for "domain name"\Exchange Security Group on this object /dc=com/dc="domain name"/cn=Configuration. 
 
The delegation wizard could not grant/change permissions for: "Domain Name"\Exchange Security Group.

If anyone has any tips or suggestions, do share them, as I can't take a backup of my emails from NetBackup.
Post #: 1
RE: Exchange Full Administrator - 6.Aug.2008 12:15:51 PM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
If you have Domain Admin rights then check what account the services are running on. They should not be running under a specific user account - if they are then change them to Local System and restart the server.
If the account used to deploy Exchange belongs to an Ex-Staff member then I would be looking to get rid of that account as soon as possible.

Furthermore, unless someone has hacked about with the permissions, by default a Domain Admin should have Full access to Exchange.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to shrry8)
Post #: 2
RE: Exchange Full Administrator - 6.Aug.2008 11:57:46 PM   
shrry8

 

Posts: 43
Joined: 10.May2008
Status: offline
I do have Domain Admin rights, and the account which is Exchange Full Administrator is also a Domain Admin.

Yes, the account belongs to an ex-staff member who left the organization some 3 years back.

How can I get rid of the account so that I can add a new general account which will be accessible to all the future network admins?

Should I reset the password of the ex-staff account, or should I replace the account with another account? Which solution is better?

By the way, can you guide me on how to change that previous account to another account?

< Message edited by shrry8 -- 7.Aug.2008 8:38:32 AM >

(in reply to Sembee)
Post #: 3
RE: Exchange Full Administrator - 7.Aug.2008 10:32:21 AM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
If Exchange has been installed correctly, then the account used to install Exchange shouldn't matter. The most that you will have to do is move the postmaster@ email address to another account. That may have already happened.
Check the services on the machine for a dependency on that account. You can also test things by changing the password and then rebooting the server and see if anything fails to start. The days of systems being reliant on a specific user account are long gone.

Simon.


(in reply to shrry8)
Post #: 4
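
The service check suggested in the two replies above can be done in one pass over WMI instead of opening each service by hand. This is an added example, not part of the thread; `$Server` is a placeholder, and `NetGuru` is the ex-staff user ID the original poster gives further down the thread.

```powershell
# Added example, not from the thread. Run with Domain Admin rights.
$Server     = 'localhost'   # assumption: replace with the Exchange server name
$OldAccount = 'NetGuru'     # ex-staff user ID, as given later in the thread

# Built-in service identities that do not depend on any user's password.
$builtIn = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'

$services = Get-WmiObject -Class Win32_Service -ComputerName $Server

# 1. Every service that logs on with a named account rather than a built-in identity.
$named = $services | Where-Object { $_.StartName -and ($builtIn -notcontains $_.StartName) }

# 2. The subset that would fail to start once the old account's password
#    changes or the account is deleted.
$atRisk = $named | Where-Object { $_.StartName -like "*$OldAccount*" }

'Services using a named logon account:'
$named | Sort-Object StartName, Name |
    Format-Table Name, StartName, StartMode, State -AutoSize

if ($atRisk) {
    "Services tied to ${OldAccount} (change these to Local System before touching the account):"
    $atRisk | Format-Table Name, DisplayName, StartName -AutoSize
} else {
    "No service on $Server logs on as $OldAccount."
}

# 3. Exchange services specifically: list any that are not running as Local System.
'Exchange services not running as Local System:'
$services |
    Where-Object { $_.Name -like 'MSExchange*' -and $_.StartName -ne 'LocalSystem' } |
    Format-Table Name, StartName, State -AutoSize
```

An empty result in steps 2 and 3 means a password reset on the old account will not stop any service from starting.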
RE: Exchange Full Administrator - 7.Aug.2008 11:12:30 PM   
shrry8

 

Posts: 43
Joined: 10.May2008
Status: offline
Sorry, I didn't get your point
quote:

The most that you will have to do is move the postmaster@ email address to another account. That may have already happened.

 
I have checked the dependencies on all the Exchange services that are started now but didn't see any particular services related to that user.
Some of the service dependencies are EXIFS, Event Log, NT LM Security Support Provider, Server, Workstation, Windows Management Instrumentation, RPC, IIS Admin Services.

(in reply to Sembee)
Post #: 5
RE: Exchange Full Administrator - 8.Aug.2008 6:03:42 PM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
postmaster@ email address usually goes on to the account that was used to install Exchange. You should attempt to put that address on to another account - the administrator account is the usual account.

Simon.


(in reply to shrry8)
Post #: 6
RE: Exchange Full Administrator - 11.Aug.2008 1:52:18 AM   
shrry8

 

Posts: 43
Joined: 10.May2008
Status: offline
quote:

postmaster@ email address usually goes on to the account that was used to install Exchange. You should attempt to put that address on to another account - the administrator account is the usual account.

Still didn't get your point.

Can you tell me how to get rid of the previous account and put another new account as Exchange Full Administrator, which I think is the best solution for me as I am not able to take a backup of my Exchange Server.

(in reply to Sembee)
Post #: 7
RE: Exchange Full Administrator - 11.Aug.2008 5:11:48 AM   
Jugal

 

Posts: 69
Joined: 24.Oct.2007
From: Delhi, India
Status: offline
Hi Shrry,

Postmaster is the account which is used by Exchange server to do a lot of things, like getting NDA reports or catching spam mails or something like this. You have to check which user it is attached to by looking at the e-mail accounts or E-mail Addresses tab.

First check it for the same user which was used to install Exchange.


_____________________________

Regards,
Jugal; MS Exchange Architect & Designer

If an advice works, report this to the forum.

Want a quicker answer - then describe your issue in as much detail as possible and exactly what steps you have already taken.

(in reply to shrry8)
Post #: 8
RE: Exchange Full Administrator - 11.Aug.2008 5:13:41 AM   
Jugal

 

Posts: 69
Joined: 24.Oct.2007
From: Delhi, India
Status: offline
After finding the user, delete or remove the postmaster address from there and add it to a new user or the Administrator.



(in reply to Jugal)
Post #: 9
RE: Exchange Full Administrator - 11.Aug.2008 5:20:24 AM   
shrry8

 

Posts: 43
Joined: 10.May2008
Status: offline
After opening the properties of the Postmaster, on the Email Address tab there is only Postmaster@mycompany.org listed and some attributes of this account.

I am not an expert in MS Exchange, so please guide me if I am wrong at this point.

(in reply to shrry8)
Post #: 10
RE: Exchange Full Administrator - 11.Aug.2008 5:38:59 AM   
Jugal

 

Posts: 69
Joined: 24.Oct.2007
From: Delhi, India
Status: offline
Hi Shrry,
You just open the same ex-staff member's properties in AD and there, under the E-mail Addresses tab, just look for the postmaster address.
If it is not there, then look at the domain Administrator mailbox.

If it is not there, then just try to add the postmaster address to one of your IDs, and check if it gives a warning that this is already in use. If it is in use, then you have to check every user's properties.

By the way, do not panic; it is not a very important job, just a recommended task.


(in reply to shrry8)
Post #: 11
RE: Exchange Full Administrator - 11.Aug.2008 5:44:08 AM   
shrry8

 

Posts: 43
Joined: 10.May2008
Status: offline
The address listed with the ex-staff member's account is administrator@mycompany.org and the user ID for the account is NetGuru.


(in reply to Jugal)
Post #: 12
RE: Exchange Full Administrator - 11.Aug.2008 5:51:52 AM   
shrry8

 

Posts: 43
Joined: 10.May2008
Status: offline
When trying to add the postmaster@mycompany.org address to my user ID as an SMTP address in the Email Address tab,

it gives me this error:
The email Address already exist in the organization

ID no. c1032e7
Microsoft Active Directory - Exchange Extension

(in reply to shrry8)
Post #: 13
RE: Exchange Full Administrator - 11.Aug.2008 6:03:14 AM   
Jugal

 

Posts: 69
Joined: 24.Oct.2007
From: Delhi, India
Status: offline
Now, here comes the big job. You have to check which users this address is attached to.

Let's start from the IT help desk ID and then go forward to look at all the IT IDs and then the people related to IT,
and then the rest.


(in reply to shrry8)
Post #: 14
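
Rather than opening every user's properties in turn, the directory can be asked directly which object holds the address, since every e-mail address is stored in the `proxyAddresses` attribute. This is an added example, not part of the thread; it searches the current domain only and uses the thread's placeholder domain `mycompany.org` and the user ID `NetGuru`.

```powershell
# Added example, not from the thread. Searches the current domain only.
$Address    = 'postmaster@mycompany.org'   # placeholder domain used in the thread
$OldAccount = 'NetGuru'                    # ex-staff user ID from the thread

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.PageSize = 1000
foreach ($attr in 'distinguishedname', 'samaccountname', 'objectclass', 'proxyaddresses') {
    [void]$searcher.PropertiesToLoad.Add($attr)
}

# proxyAddresses is matched case-insensitively, so this finds the address whether
# it is stored as primary (SMTP:) or secondary (smtp:), on any object type.
$searcher.Filter = "(proxyAddresses=smtp:$Address)"
$holders = foreach ($hit in $searcher.FindAll()) {
    $p     = $hit.Properties
    $entry = $p['proxyaddresses'] | Where-Object { $_ -ieq "smtp:$Address" }
    New-Object PSObject -Property @{
        Account = "$($p['samaccountname'])"
        Class   = @($p['objectclass'])[-1]            # last value: most specific class
        Primary = [bool]($entry -clike 'SMTP:*')      # upper-case prefix = primary address
        DN      = "$($p['distinguishedname'])"
    }
}

if ($holders) {
    $holders | Select-Object Account, Class, Primary, DN | Format-List
} else {
    "No object in this domain carries $Address."
}

# Every address stamped on the account that is to be retired.
$searcher.Filter = "(&(objectCategory=person)(sAMAccountName=$OldAccount))"
$old = $searcher.FindOne()
if ($old) {
    "Addresses on ${OldAccount}:"
    $old.Properties['proxyaddresses'] | Sort-Object
} else {
    "Account $OldAccount not found in this domain."
}
```

If the first query returns an object other than the old account, the postmaster@ address does not block removal of that account.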
RE: Exchange Full Administrator - 11.Aug.2008 6:30:59 AM   
shrry8

 

Posts: 43
Joined: 10.May2008
Status: offline
I have checked
my Postmaster ID is attached with email postmaster@mycompany.org

and my NetGuru ID is attached with administrator@mycompany.org 

NetGuru ID is also working as Exchange Full Administrator.

(in reply to Jugal)
Post #: 15
RE: Exchange Full Administrator - 11.Aug.2008 6:38:51 AM   
Jugal

 

Posts: 69
Joined: 24.Oct.2007
From: Delhi, India
Status: offline
I guess you want to write that your ID is attached with the postmaster address, right?

So you are through with the problem.


(in reply to shrry8)
Post #: 16
RE: Exchange Full Administrator - 11.Aug.2008 6:44:16 AM   
shrry8

 

Posts: 43
Joined: 10.May2008
Status: offline
No, no.

My ID is not attached with the Postmaster ID.

There are two IDs, Postmaster and NetGuru.
The NetGuru ID is attached with the Administrator@mycompany.org address, which I think is the Domain Administrator ID,
and the Postmaster ID is attached with postmaster@mycompany.org.

I have my own ID attached with my email address.

< Message edited by shrry8 -- 11.Aug.2008 7:13:44 AM >

(in reply to Jugal)
Post #: 17
RE: Exchange Full Administrator - 11.Aug.2008 9:40:58 AM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
The simple answer to this question is to confirm whether the postmaster@ email address is on the account you wish to remove. If it is not, then nothing more needs to be done.
postmaster@ is a system email address that is used on NDRs and things like that. While it is possible for the server to operate without that address being on a user account, it is not advisable.

As I wrote much earlier, there are only two things that you have to worry about - service dependency and postmaster@ email address. If both of those are clear then you can delete or change the account as required.
If the account hasn't been touched in three years then that may well be a security risk. When an admin leaves their password should be changed before they have reached their car to drive home.

The only other thing you might want to look at removing is any permissions that this user account has specifically. Ideally permissions should be assigned to groups, not users, so that you don't have to strip out permissions when an account is removed.
If you don't do that then the server will continue to operate, you will simply see broken account references (S-123-456789-012 etc).

Simon.


(in reply to shrry8)
Post #: 18
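
The permission clean-up described in the reply above can be audited before the account is deleted by reading the explicit ACEs on the Exchange organization objects. This is an added example, not part of the thread; it assumes the standard `CN=Microsoft Exchange,CN=Services` location in the configuration partition and the user ID `NetGuru` from the thread, and it only reports, it changes nothing.

```powershell
# Added example, not from the thread. Read-only audit; run as a Domain Admin.
$OldAccount = 'NetGuru'   # ex-staff user ID from the thread

$configNc = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$exchRoot = [ADSI]"LDAP://CN=Microsoft Exchange,CN=Services,$configNc"

# The container itself plus each organization object directly beneath it.
$searcher = New-Object System.DirectoryServices.DirectorySearcher($exchRoot)
$searcher.Filter      = '(objectClass=msExchOrganizationContainer)'
$searcher.SearchScope = 'OneLevel'
$targets = @($exchRoot) + @($searcher.FindAll() | ForEach-Object { $_.GetDirectoryEntry() })

$sidType = [System.Security.Principal.SecurityIdentifier]
$findings = foreach ($entry in $targets) {
    # $true = explicit ACEs, $false = skip inherited ones; identities come back as raw SIDs.
    foreach ($ace in $entry.psbase.ObjectSecurity.GetAccessRules($true, $false, $sidType)) {
        $sid = $ace.IdentityReference
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $null }   # SID no longer maps to any account

        $issue = $null
        if (-not $name)                      { $issue = 'broken reference (unresolved SID)' }
        elseif ($name -like "*\$OldAccount") { $issue = 'granted directly to old account' }

        if ($issue) {
            New-Object PSObject -Property @{
                Object   = "$($entry.distinguishedName)"
                Identity = if ($name) { $name } else { $sid.Value }
                Issue    = $issue
                Rights   = $ace.ActiveDirectoryRights
                Type     = $ace.AccessControlType
            }
        }
    }
}

if ($findings) {
    $findings | Select-Object Object, Identity, Issue, Rights, Type | Format-List
} else {
    'No explicit ACE for the old account and no unresolved SIDs on the Exchange organization objects.'
}
```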
RE: Exchange Full Administrator - 11.Aug.2008 11:36:01 PM   
shrry8

 

Posts: 43
Joined: 10.May2008
Status: offline
Can you tell me how I can change the Exchange Full Administrator account to my own account?

(in reply to Sembee)
Post #: 19
RE: Exchange Full Administrator - 12.Aug.2008 6:59:56 AM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
Right click on the Exchange org and choose Delegate Control. Then run through the wizard and select the account or group to be made Full Exchange Admin. You can have more than one person with those permissions.

If the option is not available to you, then you will have to change the password on the account that currently has that option, log in as that account and change the permissions that way.

However your best option is to create a GROUP or add the permission to the Domain Admins group, rather than to a specific account. That way if something was to happen to the account and make it unusable you are not locked out and facing hacks to get access.

Simon.


(in reply to shrry8)
Post #: 20
