locked
Setting up the Exchange connector with read only. RRS feed

  • Question

  • Hello,

    I found the instructions on what cmdlets are needed for a read only Exchange Connector.  Problem is I am not an Exchange or Powershell user. :)  Are there any step by step instructions on how to set up the user with the needed permissions to make this work?

    Can I configure the Exchange Server connector for read-only mode?

    Yes, if you only want to find mobile devices and retrieve inventory data from them as a read-only mode of operation, you can do this by granting a subset of the cmdlets that the account uses to connect to the Exchange Client Access server. The required cmdlets for a read-only mode of operation are as follows:

    • Get-ActiveSyncDevice
    • Get-ActiveSyncDeviceStatistics
    • Get-ActiveSyncOrganizationSettings
    • Get-ActiveSyncMailboxPolicy
    • Get-ExchangeServer
    • Get-Recipient
    • Set-ADServerSettings

    Tuesday, May 29, 2012 3:54 PM

Answers

  • The account that the Exchange connector uses must have permissions to run the following PowerShell

    cmdlets:


    Clear-ActiveSyncDevice, Get-ActiveSyncDevice, Get-ActiveSyncDeviceAccessRule,

    Get-ActiveSyncDeviceStatistics, Get-ActiveSyncMailboxPolicy, Get-

    ActiveSyncOrganizationSettings,

    Get-ExchangeServer, Get-Recipient, Set-ADServerSettings, Set-ActiveSyncDeviceAccessRule,

    Set-ActiveSyncMailboxPolicy, Set-CASMailbox, New-ActiveSyncDeviceAccessRule,

    New-ActiveSyncMailboxPolicy, Remove-ActiveSyncDevice


    This means that the account used with the Exchange connector should be a member of the following

    management roles in Exchange Server 2010: Recipient Management, View Only Organization

    Management, and Server Management.

    I think you cannot use the set-adserversettings when the account is only a member of the view only organization management.


    Dennis de Roo


    • Edited by Dennis de Roo Tuesday, May 29, 2012 5:46 PM
    • Marked as answer by ShawnD1 Tuesday, May 29, 2012 6:29 PM
    Tuesday, May 29, 2012 5:43 PM

All replies

  • The account that the Exchange connector uses must have permissions to run the following PowerShell

    cmdlets:


    Clear-ActiveSyncDevice, Get-ActiveSyncDevice, Get-ActiveSyncDeviceAccessRule,

    Get-ActiveSyncDeviceStatistics, Get-ActiveSyncMailboxPolicy, Get-

    ActiveSyncOrganizationSettings,

    Get-ExchangeServer, Get-Recipient, Set-ADServerSettings, Set-ActiveSyncDeviceAccessRule,

    Set-ActiveSyncMailboxPolicy, Set-CASMailbox, New-ActiveSyncDeviceAccessRule,

    New-ActiveSyncMailboxPolicy, Remove-ActiveSyncDevice


    This means that the account used with the Exchange connector should be a member of the following

    management roles in Exchange Server 2010: Recipient Management, View Only Organization

    Management, and Server Management.

    I think you cannot use the set-adserversettings when the account is only a member of the view only organization management.


    Dennis de Roo


    • Edited by Dennis de Roo Tuesday, May 29, 2012 5:46 PM
    • Marked as answer by ShawnD1 Tuesday, May 29, 2012 6:29 PM
    Tuesday, May 29, 2012 5:43 PM
  • Worked great.  Thanks!
    Tuesday, May 29, 2012 6:30 PM