It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus

Setup Wizard Step 5 - Create Service Account

  • Last updated on

This step refers to Microsoft Exchange deployments only.

Create an Office 365 Exchange Online Service Account

This article refers to Barracuda Message Archiver Legacy Release firmware or higher.

An Office 365 Exchange online service account provides Exchange Server directory permissions to grant the Barracuda Message Archiver read access to all mailboxes.

If you encounter issues running the PowerShell scripts in this article, you can temporarily change the Windows PowerShell script execution policy to unrestricted. Important: This setting removes all restrictions which means unauthorized PowerShell scripts can run. For more information, refer to the Microsoft TechNet article Using the Set-ExecutionPolicy Cmdlet.

Requirements

If this is a Cloud Service Provider (CSP) account, refer to this article Azure MFA Requirements for Microsoft CSPs to ensure the correct configuration is set.

 

  • Windows 8 or 8.1

  • Windows Server 2012 or Windows Server 2012 R2

  • Windows 7 Service Pack 1 (SP1)

  • Windows Server 2008 R2 SP1

  • Microsoft .NET Framework 4.5 or 4.5.1 and either the Windows Management Framework 3.0 or the Windows Management Framework 4.0

  • Verify the service account has a mailbox, and is not hidden in the Global Address list

Microsoft Exchange Online

Microsoft Exchange Online message throttling policies set bandwidth limits and restrict the number of processed messages. Throttling is enabled by default in Microsoft Exchange Online. Currently you cannot set policies to disable throttling in Exchange Online; for details, refer to the Microsoft Outlook dev blog. Barracuda is working on a solution to provide this option in the future.

Connect to Office 365 Exchange Online

  1. Open Windows PowerShell, enter the following command, and then press Enter:
    $UserCredential = Get-Credential
  2. In the Windows PowerShell Credential Request dialog box, enter your Exchange Online user name and password, and then click OK.

  3. Enter the following command, and then press Enter:
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

    For more information, refer to the Microsoft TechNet article Connect to Exchange Online using remote PowerShell.

  4. Enter the following command, and then press Enter:
    Import-PSSession $Session

  5. Enter the following command, and then press Enter:
    Get-Mailbox -ResultSize unlimited | Add-MailboxPermission -User ServiceAccount@domain.com -AccessRights fullaccess -InheritanceType all -Automapping $false
    Where ServiceAccount@domain.com represents your service account.

    Permissions are assigned on existing mailboxes only; if additional mailboxes are added to your organization, you must rerun this command.

Configure a Microsoft Exchange Server 2010 and Newer Service Account

Read First

Service Account Password Setting

When configuring the service account, you must set the password to never expire. To set this option in Active Directory (AD), go to the Properties dialog box for the service account, click the Account tab, and in the Account options section, select Password never expires. Click OK to save your settings.

To create an email service account:

  • Verify the service account has a mailbox, and is not hidden in the Global Address List (GAL).
  • (Optional but highly recommended) Establish a user account through Outlook Web Access (OWA) or other source before setting up the email service account.

As a best practice, use a unique account for this integration point and grant it the least level of privileges required, coordinating with the system administrator. This email service account requires administrative write privileges to the Exchange server. For additional information, see Security for Integrating with Other Systems - Best Practices.

 

Use the following steps to set the permissions on Exchange where CUDASVC is the name of the Barracuda service account:

  1. Log into the Exchange Server as the administrator.
  2. From the Start menu, go to Start > Programs > Microsoft Exchange Server > Exchange Management Shell.
  3. At the command prompt, enter the following command, and then press Enter:
    Get-MailboxDatabase | Add-ADPermission -User "CUDASVC" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin
  4. Next, enter the following command, and then press Enter:
    Add-RoleGroupMember "Organization Management" -Member "CUDASVC"

Use the following steps to apply permissions for the service account where database name  is the name of the specific Mail Store database rather than all databases:

  1. Log into the Exchange Server as the administrator.
  2. From the Start menu, go to Start > Programs > Microsoft Exchange Server > Exchange Management Shell.
  3. At the command prompt, enter the following command, and then press Enter:
    Get-MailboxDatabase -Identity database name | Add-ADPermission -User "CUDASVC" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin

Continue with Microsoft Exchange Server Operations based on your Exchange Server:

Configure a Microsoft Exchange Server 2007 Service Account

Read First

Service Account Password Setting

When configuring the service account, you must set the password to never expire. To set this option in Active Directory (AD), go to the Properties dialog box for the service account, click the Account tab, and in the Account options section, select Password never expires. Click OK to save your settings.

To create an email service account:

  • Verify the service account has a mailbox, and is not hidden in the Global Address List (GAL).
  • (Optional but highly recommended) Establish a user account through Outlook Web Access (OWA) or other source before setting up the email service account.

As a best practice, use a unique account for this integration point and grant it the least level of privileges required, coordinating with the system administrator. This email service account requires administrative write privileges to the Exchange server. For additional information, see Security for Integrating with Other Systems - Best Practices.

  1. Log into the Exchange Server as the administrator.
  2. From the Start menu, go to Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
  3. At the command prompt, enter the following command where Exchange2007  is the name of the Microsoft Exchange 2007 Server and CUDASVC is the name of the Barracuda service account, and then press Enter:
    get-mailboxserver Exchange2007 | add-adpermission -user CUDASVC -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

  4. In the Exchange Management Shell, enter the following command to add View-Only Administrator permissions, replacing CUDASVC with the name of the Barracuda service account: add-exchangeadministrator CUDASVC -role ViewOnlyAdmin

    Important:

    If inheritance to the individual mail stores is not enabled on a custom mailbox database, to set the Send As, Receive As, and Administer Information Store permissions at the store level, you must enter the following command in the Exchange Management Shell:
    Add-ADPermission -identity "custom database name" -user "CUDASVC" -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
    To verify the Send As, Receive As, and Administer Information Store permissions, enter the following command in the Exchange Management Shell, where Exchange2007 is the name of the Microsoft Exchange 2007 Server, dbname is the name of the Exchange mail database, and CUDASVC is the name of the Barracuda service account:
    get-mailboxdatabase Exchange2007\dbname | get-ADpermission -user CUDASVC | Format-List

Continue with Microsoft Exchange Server 2007 Operations

 

 

Last updated on