Security Requirements
Access Requirements
- Active Directory requirements:
- Access to the AD server: IP address of the AD server, domain account, and password
- READ access to the accounts list
- Permission settings for crawling the Exchange Server content: Depends on the version of Exchange Server and the protocol you want to use for the connection.
- IP Address of the farm's Active Directory server
- Credentials for a Domain account: This account must have Read access to the Exchange Accounts list. To support public folders, this account should also have a mailbox in Exchange.
Granting Access
EWS - Grant Impersonation Rights
For the following, see any Exchange Web Services Access to Exchange Server (any version):
- Exchange Version 2013 (EWS)
- Exchange Version Online (EWS)
Exchange Web Services Access to Exchange Server (Any Version)
Connectors can use Exchange Web Services (EWS) to communicate with any version of Exchange Server including Exchange Online.
To configure impersonation for Exchange Server 2013/Online:
- The Service Account must have impersonation rights to all of the mailboxes that will be crawled.
- Public folders and private mailboxes have the same authentication requirements.
- In addition, public folders require the following settings:
- Folder Visibility flag: Must be set to
True. - Service Account: Must have
Readaccess to all of the folders to be crawled.
- Folder Visibility flag: Must be set to
Configure Impersonation
To grant the Service Account the appropriate permissions to crawl the selected mailboxes, see the following Microsoft articles:
- Exchange Server 2013/Online: How to: Configure impersonation.