It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Creating an Email Service Account for Microsoft Exchange Server 2007, 2010, 2013, 2016, and 2019

  • Last updated on

This article refers to Barracuda Message Archiver Legacy Release firmware or higher, and Microsoft Exchange Server 2007, 2010, 2013, 2016, and 2019.

See also How to Enable RPC over HTTP Connectivity.

An email service account provides Exchange Server directory permissions to grant the Barracuda Message Archiver unrestricted access to all mailboxes. Create an email service account for Exchange import integration and message attachment stubbing.

Recommended

Microsoft Exchange Server 2007, 2010, 2013, 2016, and 2019 set bandwidth limits and restrict the number of processed messages by default which can impact job performance. Barracuda Networks recommends disabling throttling for the service account after following the steps in this article. For details, see:

Read First
Service Account Password Setting

When configuring the service account, you must set the password to never expire. To set this option in Active Directory (AD), go to the Properties dialog box for the service account, click the Account tab, and in the Account options section, select Password never expires. Click OK to save your settings.

To create an email service account:

  • Verify the service account has a mailbox, and is not hidden in the Global Address list.
  • Establish a user account through OWA or other source before setting up the email service account. (Optional but highly recommended)  

Using an existing account as a service account will grant the Barracuda Message Archiver unrestricted access to all mailboxes. As a best practice, use a unique account for this integration point and grant it the least level of privileges required, coordinating with the system administrator. This email service account requires administrative write privileges to the Exchange server. For additional information, see Security for Integrating with Other Systems - Best Practices.

Microsoft Exchange 2007

Use the following steps to set the permissions on Exchange 2007:

  1. Log into the Exchange Server as the administrator.
  2. From the Start menu, go to Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
  3. At the command prompt, enter the following command where Exchange2007  is the name of the Microsoft Exchange 2007 Server and CUDASVC is the name of the Barracuda service account, and then press Enter:
    get-mailboxserver Exchange2007 | add-adpermission -user CUDASVC -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
  4. In the Exchange Management Shell, enter the following command to add View-Only Administrator permissions, replacing CUDASVC with the name of the Barracuda service account: add-exchangeadministrator CUDASVC -role ViewOnlyAdmin

    Important

    If inheritance to the individual mail stores is not enabled on a custom mailbox database, to set the Send As, Receive As, and Administer Information Store permissions at the store level, you must enter the following command in the Exchange Management Shell:
    Add-ADPermission -identity "custom database name" -user "CUDASVC" -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
    To verify the Send As, Receive As, and Administer Information Store permissions, enter the following command in the Exchange Management Shell, where Exchange2007 is the name of the Microsoft Exchange 2007 Server, dbname is the name of the Exchange mail database, and  CUDASVC is the name of the Barracuda service account:
    get-mailboxdatabase Exchange2007\dbname | get-ADpermission -user CUDASVC | Format-List

Continue with Microsoft Exchange Server 2007 Operations.

Microsoft Exchange 2010 and Newer

Use the following steps to set the permissions on Exchange where CUDASVC is the name of the Barracuda service account:

  1. Log into the Exchange Server as the administrator.
  2. From the Start menu, go to Start > Programs > Microsoft Exchange Server > Exchange Management Shell.
  3. At the command prompt, enter the following command, and then press Enter:
    Get-MailboxDatabase | Add-ADPermission -User "CUDASVC" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin
  4. Next, enter the following command, and then press Enter:
    Add-RoleGroupMember "Organization Management" -Member "CUDASVC"

Use the following steps to apply permissions for the service account where database name  is the name of the specific Mail Store database rather than all databases:

  1. Log into the Exchange Server as the administrator.
  2. From the Start menu, go to Start > Programs > Microsoft Exchange Server > Exchange Management Shell.
  3. At the command prompt, enter the following command, and then press Enter:
    Get-MailboxDatabase -Identity database name | Add-ADPermission -User "CUDASVC" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin

Continue with Microsoft Exchange Server Operations based on your Exchange Server: