Product DocsMenu

Setting up a Full Read Microsoft Exchange Account

You need to set up a special account in the Microsoft Exchange Server to be able to crawl multiple mailboxes using a single source. This account must have read access on all the mailboxes and all the public folders that you want to index.

Note: The best practice is to create a dedicated account for the Coveo connector. Coveo recommends using an account which has a password that never expires to avoid crawling problems. Otherwise, you must update the password in the user identity after each password change.

To set up a full read Microsoft Exchange account

  1. For a Microsoft Exchange Server 2003 installation, refer to the following Microsoft article for information on how to set up such an account: How to assign service account access to all mailboxes in Exchange Server 2003

  2. For Microsoft Exchange Server Online (only with federated users), 2013 (On-Premises and hybrid), 2010, and 2007 installations, use one of the following methods:

    Note: CES 7.0.7814+ (August 2015) Support for Microsoft Exchange Online.

    • Method 1 - Recommended

      Note: This method grants read permissions to the crawling account for all existing mailboxes, but also automatically for all mailboxes that will be created in the future.

      1. On the Microsoft Exchange Server, open the Exchange Management Shell.

      2. Run the following command, and then note the value for the Identity parameter:


      3. Run the following command:

        Add-ADPermission -user [crawling_account] -Identity [Identity] -AccessRights ReadProperty, GenericExecute -ExtendedRights "Receive-As"

        where you replace:

        • [crawling_account] by the name of your crawling account, or probably a best practice, by the name of a dedicated Active Directory group containing only your crawling account.

        • [Identity] by the value that you noted for the Identity parameter from the first command.

    • Method 2 - Plan B

      Important: This Exchange Management Shell command applies the permissions to currently existing users. You must therefore repeat this procedure each time a new mailbox is added to Exchange to ensure that the crawling account gains access to the new mailbox content.

      It is therefore recommended to schedule to automatically execute the procedure at an appropriate time interval.

      1. Ensure that the crawling account has an active mailbox on a Microsoft Exchange server.

        To crawl a Microsoft Exchange 2013/2010 server, the active mailbox of the account must be on a Microsoft Exchange 2013/2010 server.

      2. On the Microsoft Exchange Server, open the Exchange Management Shell.

      3. Type the following command to give sufficient rights to a user to crawl using WebDAV or WebServices, depending on your Exchange Server location:

        • For on-premises servers [Exchange 2013 (On-Premises and hybrid), 2010 and 2007]:

          get-mailbox -server ServerName -ResultSize Unlimited | Add-MailboxPermission -User ‘mydomain\myuser’ –AccessRights FullAccess

          where you replace:

          • ServerName by the name of your Exchange server

            Note: The -server parameter is optional. When the parameter is not set, the rights are effective for all Exchange on-premises servers

          • domain\user by the user that you want to use to crawl the Microsoft Exchange content.

        • For online servers:

          get-mailbox -ResultSize Unlimited | Add-MailboxPermission -User ‘mydomain\myuser’ –AccessRights FullAccess

          where you replace domain\user by the user that you want to use to crawl the Microsoft Exchange content.

What's Next?

For a Microsoft Exchange 2013 or 2010 server, configure the throttling policy to prevent crawling problems (see Configuring the Throttling Policy for the Microsoft Exchange Account).

For other Microsoft Exchange servers, configure a CES user identity (see Adding a User Identity).

People who viewed this topic also viewed