This section describes the permissions and access rights required for correct operation of Veeam Explorer for Microsoft Exchange.
- The account under which you run Veeam Explorer for Microsoft Exchange requires Read and Write permissions to all files in the folder with the Exchange mailbox database.
- To restore folders or items to a Microsoft Exchange server, the account used to connect to that server needs sufficient access rights, as described below. These rights can be granted in one of two ways: through impersonation, or by giving that account Full Access to the mailbox.
Consider the following:
Restore to a Public Folder
- The account that is used for restore to a public folder should own a mailbox on the target Microsoft Exchange server.
- This account should have the Organization Management role on the target Microsoft Exchange server. It can be assigned, for example, by running the following Exchange Management PowerShell cmdlet:
Add-RoleGroupMember "Organization Management" -Member "<user_account>"
Restore to a Mailbox
To restore to a mailbox, the account used to connect to the target server should have the corresponding access rights:
- If you plan to use an account that owns a mailbox on the target Microsoft Exchange server, make sure it has Full Access to that mailbox.
Full Access can be granted, for example, through impersonation or through rights assignment with the following cmdlet:
Add-MailboxPermission -Identity "<target_mailbox>" -User "<user_account>" -AccessRights FullAccess -InheritanceType All
- If you plan to use an account that does not own a mailbox on the target Microsoft Exchange server (for example, a service account), then access rights for the target mailbox should be granted through Exchange impersonation.
For example, you can run the following cmdlet:
New-ManagementRoleAssignment -Name "<role_name>" -Role ApplicationImpersonation -User "<user_account>" [-CustomRecipientScope "<scope>"]
To remove the assignment after the items are restored to the target mailbox, you can run the following cmdlet:
Remove-ManagementRoleAssignment -Identity "<role_name>"
Example
The following cmdlet shows how you can narrow the group of users who will be assigned the appropriate role to access the target mailbox at restore. For that, it uses the RecipientOrganizationalUnitScope parameter, with a sample Organizational Unit specified as the scope. The CustomRecipientScope parameter shown above takes the name of an existing management scope rather than an Organizational Unit.
New-ManagementRoleAssignment -Name "Exchange Test" -Role ApplicationImpersonation -User "Test User" -RecipientOrganizationalUnitScope "spain.local/TargetUsers"
For more details on impersonation, please refer to MSDN (http://msdn.microsoft.com/en-us/library/bb204095.aspx).
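The rights granted above (Organization Management membership, Full Access and ApplicationImpersonation) can be reviewed and removed once the restore is finished. The following Exchange Management Shell script is an added example, not part of the original Veeam documentation; the variable names are hypothetical and the angle-bracket values are the same placeholders used on this page.

```powershell
# Added example (not from the original page): review and revoke restore rights.
# Run in the Exchange Management Shell. Variable names are hypothetical;
# the angle-bracket values are placeholders to replace with your own.
$Account  = '<user_account>'     # account used to connect for the restore
$Mailbox  = '<target_mailbox>'   # mailbox that was granted Full Access
$RoleName = '<role_name>'        # name passed to New-ManagementRoleAssignment

# 1. Impersonation: who holds ApplicationImpersonation, and over what scope?
#    -Delegating $false skips the built-in delegating assignments.
$assignments = Get-ManagementRoleAssignment -Role ApplicationImpersonation `
    -GetEffectiveUsers -Delegating $false
$assignments |
    Select-Object Name, EffectiveUserName, RecipientWriteScope, CustomRecipientWriteScope |
    Format-Table -AutoSize

# An assignment whose write scope is 'Organization' covers every mailbox.
$unscoped = $assignments | Where-Object { $_.RecipientWriteScope -eq 'Organization' }
if ($unscoped) {
    $names = $unscoped | ForEach-Object { $_.Name } | Sort-Object -Unique
    Write-Warning ("Unscoped impersonation assignments: " + ($names -join ', '))
}

# 2. Full Access: explicit (non-inherited) rights the account holds on the mailbox.
Get-MailboxPermission -Identity $Mailbox -User $Account |
    Where-Object { -not $_.IsInherited -and ($_.AccessRights -like '*FullAccess*') } |
    Select-Object Identity, User, AccessRights

# 3. Public folder restore: current members of Organization Management.
Get-RoleGroupMember -Identity 'Organization Management' |
    Select-Object Name, RecipientType

# 4. After the restore: remove what was granted.
#    -WhatIf only previews each change; delete it to apply the removal.
Remove-ManagementRoleAssignment -Identity $RoleName -WhatIf
Remove-MailboxPermission -Identity $Mailbox -User $Account `
    -AccessRights FullAccess -InheritanceType All -WhatIf
Remove-RoleGroupMember -Identity 'Organization Management' -Member $Account -WhatIf
```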