Setting up the Exchange Super User
Posted by Matt Kuebler on 06 November 2009 11:50 AM
Creating a Super User via Exchange|
Step 1 - Creating the ‘Super User’ Security Group
I. On the Exchange server, open up Active Directory. Click the ‘Users’ folder on the left. Click the icon to create a new Group.
II. Give the group a name (i.e. SuperUser) and make sure the Group Scope is ‘Global’ and Group Type is ‘Security’. Click ‘Next’.
III. On the next pane it is not necessary to create an Exchange mailbox for this Group, so click ‘Next’ then click ‘Finish’.
IV. The security group for the super users has been created.
Step 2 - Adding users to the ‘Super User’ Security Group
I. Once the security group has been created you can add existing user’s to that group which will then be given administrative rights.
II. To add a user to the Super User group, right click a user in Active Directory and go to ‘Properties’.
III. Click the ‘Member Of’ tab. Click the ‘Add’ button and type in the name of the security group created in Step 1. This will add the user to that group.
Step 3 – Giving ‘Super User’ group Full Control
I. Open up the Exchange System Manager.
II. Navigate using the tree on the left to the Exchange server you want the group to have access to. Right click and go to ‘Properties’.
III. Click the ‘Security’ tab and click the Add button.
IV. Type in the name of the group created in Step 1 and click Ok.
V. In the permissions section, click the Full Control box in the Allow column. This should check the rest of the boxes in that column.
VI. The users in the Super User group should now have full access to anyone’s account. NOTE These changes make take a few moments to take effect.
NOTE Step 3 can be performed at almost any level in the tree in system manager (i.e. the mailbox store of an Exchange server, the server itself, a storage group or an administrative group). Simply right click and go to ‘Properties’ for that level and then click the Security tab and follow the same steps above.
Manual Verification Tests
Email : Accessed via IMAP4
1) Edit the test user via the web UI and change the email username to
domain = NT domain name (note that this is the old style NT domain name)
admin = Administrator user name
user = mailbox name of the user
2) Change the email password to the admin password.
3) If the account retrieves email successfully the super user is verified. This can be seen looking at user statistics via the NL web or ensuring email was sent to a device.
PIM : Accessed via WEBDAV
1) Change an existing NLES user's pim credentials to username/password of the super user created. The Web Access Directory should not change.
2) Add a test event to the user's calendar
3) Verify NL finds the test event and sends to the device.
4) If the account retrieves calendar events successfully the super user is verified. This can be seen looking at user statistics via the NL web or ensuring the calendar event was sent to a device.
Also, verification information can also be obtained from the NL logs.