Answered by:
Setting up the Exchange connector with read only.

Question
-
Hello,
I found the instructions on what cmdlets are needed for a read only Exchange Connector. Problem is I am not an Exchange or Powershell user. :) Are there any step by step instructions on how to set up the user with the needed permissions to make this work?
Can I configure the Exchange Server connector for read-only mode?
Yes, if you only want to find mobile devices and retrieve inventory data from them as a read-only mode of operation, you can do this by granting a subset of the cmdlets that the account uses to connect to the Exchange Client Access server. The required cmdlets for a read-only mode of operation are as follows:
- Get-ActiveSyncDevice
- Get-ActiveSyncDeviceStatistics
- Get-ActiveSyncOrganizationSettings
- Get-ActiveSyncMailboxPolicy
- Get-ExchangeServer
- Get-Recipient
- Set-ADServerSettings
Tuesday, May 29, 2012 3:54 PM
Answers
-
The account that the Exchange connector uses must have permissions to run the following PowerShell
cmdlets:
Clear-ActiveSyncDevice, Get-ActiveSyncDevice, Get-ActiveSyncDeviceAccessRule,
Get-ActiveSyncDeviceStatistics, Get-ActiveSyncMailboxPolicy, Get-
ActiveSyncOrganizationSettings,
Get-ExchangeServer, Get-Recipient, Set-ADServerSettings, Set-ActiveSyncDeviceAccessRule,
Set-ActiveSyncMailboxPolicy, Set-CASMailbox, New-ActiveSyncDeviceAccessRule,
New-ActiveSyncMailboxPolicy, Remove-ActiveSyncDevice
This means that the account used with the Exchange connector should be a member of the following
management roles in Exchange Server 2010: Recipient Management, View Only Organization
Management, and Server Management.
I think you cannot use the set-adserversettings when the account is only a member of the view only organization management.
Dennis de Roo
- Edited by Dennis de Roo Tuesday, May 29, 2012 5:46 PM
- Marked as answer by ShawnD1 Tuesday, May 29, 2012 6:29 PM
Tuesday, May 29, 2012 5:43 PM
All replies
-
The account that the Exchange connector uses must have permissions to run the following PowerShell
cmdlets:
Clear-ActiveSyncDevice, Get-ActiveSyncDevice, Get-ActiveSyncDeviceAccessRule,
Get-ActiveSyncDeviceStatistics, Get-ActiveSyncMailboxPolicy, Get-
ActiveSyncOrganizationSettings,
Get-ExchangeServer, Get-Recipient, Set-ADServerSettings, Set-ActiveSyncDeviceAccessRule,
Set-ActiveSyncMailboxPolicy, Set-CASMailbox, New-ActiveSyncDeviceAccessRule,
New-ActiveSyncMailboxPolicy, Remove-ActiveSyncDevice
This means that the account used with the Exchange connector should be a member of the following
management roles in Exchange Server 2010: Recipient Management, View Only Organization
Management, and Server Management.
I think you cannot use the set-adserversettings when the account is only a member of the view only organization management.
Dennis de Roo
- Edited by Dennis de Roo Tuesday, May 29, 2012 5:46 PM
- Marked as answer by ShawnD1 Tuesday, May 29, 2012 6:29 PM
Tuesday, May 29, 2012 5:43 PM -
Worked great. Thanks!Tuesday, May 29, 2012 6:30 PM