Creating a Microsoft Exchange Crawling Account

The Exchange connector needs an Exchange account to be able to access and index your Exchange content. The Exchange connector supports different Exchange deployment configurations. The requirements for the crawling account depend on the deployment configuration.

While you can use an existing account that meets the requirements, the best practice is to create an Exchange account dedicated to the Coveo connector. If you must occasionally or regularly change the account password, ensure to immediately also change the password in the CES user identity that holds the credentials to prevent source indexing update issues.

• Crawling account for an Exchange On-Premises Server

  For an Exchange On-Premises server, the crawling account must have full read access to all the Exchange content that you want to index (see Setting up a Full Read Microsoft Exchange Account).

• Crawling account for an Exchange hybrid deployment

  In the context of an Exchange hybrid deployment, you must use two sources, one for the local content hosted on the Exchange On-Premises Server 2013, and one for the remote archives hosted on Exchange Online (see About the Support for Exchange Server 2013 Hybrid Deployments). You can however use the same crawling account for both sources.

  When crawling remote archives, the Exchange connector must establish multiple secure connections with different services listed in the following table. In a best case scenario, a single user identity can be used to access all these services. As you can see from the table, the only identity format that is common to all required services is the UPN/SMTP format (ces_crawling@mycompany.com) that must therefore be used when creating the user identity to be associated with the source for the remote part of an hybrid deployment.

  Service	Identity	Identity format
  Exchange Online EWS	Exchange online user (Synced with AD or in cloud) with the ApplicationImpersonation role (see Enabling Impersonation in Microsoft Exchange Online)	ces_crawling@mycompany.com or ces_crawling@mycompany.onmicrosoft.com
  Exchange On-Premises PowerShell	Exchange On-Premises Server administrator	ces_crawling@mycompany.com or mycompany\ces_crawling
  Active Directory	Any valid Active Directory account	ces_crawling@mycompany.com or mycompany\ces_crawling

  Note: When a user with all the above properties does not exist and cannot be created, you can use the PowerShellUserName and PowerShellPassword hidden parameters to create and specify an additional user identity on the source (see Modifying Hidden Microsoft Exchange Source Parameters).

• CES 7.0.7814+ (August 2015) Crawling account for an Exchange Online

  Depending on your setup:

  • When your users are cloud-based

    The crawling account can be the same Office 365 administrator account that you use to allow the connector access to the Exchange Online mailboxes of your Azure AD users (see Authorizing the Coveo Connector to Access the Exchange Online Mailboxes of Your Azure AD Users).

    Note: The Office 365 account must have at least the following roles:

    • Exchange administrator

    • User management administrator

  • When your users are federated

    The crawling account must have full read access to all the Exchange content that you want to index (see Setting up a Full Read Microsoft Exchange Account).