Creating a Microsoft Exchange Crawling Account
While you can use an existing account that meets the requirements, the best practice is to create an Exchange account dedicated to the Coveo connector. If you must occasionally or regularly change the account password, ensure to immediately also change the password in the CES user identity that holds the credentials to prevent source indexing update issues.
-
Crawling account for an Exchange On-Premises Server
For an Exchange On-Premises server, the crawling account must have full read access to all the Exchange content that you want to index (see Setting up a Full Read Microsoft Exchange Account).
-
Crawling account for an Exchange hybrid deployment
In the context of an Exchange hybrid deployment, you must use two sources, one for the local content hosted on the Exchange On-Premises Server 2013, and one for the remote archives hosted on Exchange Online (see About the Support for Exchange Server 2013 Hybrid Deployments). You can however use the same crawling account for both sources.
When crawling remote archives, the Exchange connector must establish multiple secure connections with different services listed in the following table. In a best case scenario, a single user identity can be used to access all these services. As you can see from the table, the only identity format that is common to all required services is the UPN/SMTP format (ces_crawling@mycompany.com) that must therefore be used when creating the user identity to be associated with the source for the remote part of an hybrid deployment.
Service Identity Identity format Exchange Online EWS Exchange online user (Synced with AD or in cloud) with the ApplicationImpersonation role (see Enabling Impersonation in Microsoft Exchange Online) ces_crawling@mycompany.com
or
ces_crawling@mycompany.onmicrosoft.comExchange On-Premises PowerShell Exchange On-Premises Server administrator ces_crawling@mycompany.com
or
mycompany\ces_crawlingActive Directory Any valid Active Directory account ces_crawling@mycompany.com
or
mycompany\ces_crawlingNote: When a user with all the above properties does not exist and cannot be created, you can use the PowerShellUserName and PowerShellPassword hidden parameters to create and specify an additional user identity on the source (see Modifying Hidden Microsoft Exchange Source Parameters).
-
CES 7.0.7814+ (August 2015) Crawling account for an Exchange Online
Depending on your setup:
-
When your users are cloud-based
The crawling account can be the same Office 365 administrator account that you use to allow the connector access to the Exchange Online mailboxes of your Azure AD users (see Authorizing the Coveo Connector to Access the Exchange Online Mailboxes of Your Azure AD Users).
Note: The Office 365 account must have at least the following roles:
-
Exchange administrator
-
User management administrator
-
-
When your users are federated
The crawling account must have full read access to all the Exchange content that you want to index (see Setting up a Full Read Microsoft Exchange Account).
-
What's Next?
Create a CES user identity to hold the credentials of the Exchange account that you created for the Coveo connector exclusive use (see Adding a User Identity).