Domain User Which Is Being Used For MachPanel Should Be Member Of Following Groups For Standalone Exchange


Summary
Domain User for MachPanel (MPAdmin) should have privileges according to the information mentioned in this article.
Applies To
MachPanel all versions
Solution

Step-1: Create Domain Administrator Login (MPAdmin) if not present already

It is recommended that you create a new active directory user “MPAdmin” and call it the Domain Administrator Login. This will be the user responsible for connecting with Active Directory.
Follow below mentioned steps for creating new active directory user(MPAdmin):

  1. Click Start, point to Settings, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.
  2. In the console tree, click Users.
  3. Right click Users and point to New, and then click User.
  4. In First name, type the user's first name.
  5. In Initials, type the user's initials.
  6. In Last name, type the user's last name.
  7. Modify Full name to add initials or reverse order of first and last names.
  8. In User logon name, type the user logon name, i.e "MPAdmin" and click Next.
  9. Password and Confirm password, type the user's password, and then select the appropriate password options.

Step-2: Domain Administrator Login Permissions

Domain User (MPAdmin) which is created and being used for MachPanel should be member of certain groups for Standalone Exchange. For this;

  1. Click Start, point to Settings, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.
  2. In the console tree, click Users.
  3. In the details pane, right-click the user (MPAdmin that was  created for MachPanel) and then click Properties.
  4. Click on the Member of tab to check that this user (MPAdmin) has following permissions:
    • Domain users • Domain Admins • Administrators • Enterprise Admins • Exchange trusted Subsystem • Exchange Servers • Group Policy creator owner • Organization management • Public folder management • Schema Admins • Server management
   5. Click Add button in case any of the above mentioned permission is missing.
   6. In Enter the object names to select, type the name of the user, group, as mentioned above then click OK.

Note: The service account must have Read/Write/Delete (full access) on Remote Server folder and sub folders.