Bulletin ID A2E_220
Last Review 11/05/2012
Revision 1.0
Previous IDs None
Obsoletes None
—————— ————

Permissions for adding the A2E Service Account to an existing remote SQL instance

DidItBetter.com Software has prepared a release of Add2Exchange Enterprise which will allow the Add2Exchange database to be installed and managed on an existing, non-local SQL Server instance. if you are moving where Add2Exchange SQL database is located to a remote server, then these procedures will also similarly apply. These instructions show how to add the service account user to the remote SQL instance so it can create its database during the installation process.

Tip:

We suggest you download and install the SQL Management Studio Tools on this box to help with the configuration.  This step is not required, but certainly makes life easier and will save you time and effort since you can manage the instance from here if need be.   See the permissions necessary for the most automated installation listed below.

If you are requiring Technical assistance through our Premier Remote Support, it will be required.

The download for the installation of SQL Management Studio tools are located here

 

Instructions
  • Log onto the SQL server machine with a SQL administrative account or run the SQL Management Studio Tools from this server.
  • Start Microsoft SQL Server Management Studio
  • Log into the SQL Server with Management Studio
  • Expand the Security folder in the Object Explorer tree
  • Right-click the Logins folder and select New Login…
  • In the default General tab, for Login name either enter the name of the service account (usually zAdd2Exchange) or click Search and find the service account from your Active Directory
    • Leave the rest of the options as default

Add User

  • Click Server Roles from the Object Explorer
  • Select dbcreator

Set Role

  • Click OK

Next, add the A2E Service Account to the local Administrators (or at least Power Users) of the remote SQL Server.

Your SQL Server is now configured to allow the service account to complete the Add2Exchange installation.

NOTE:

In order for Add2Exchange to test the status of the remote SQL Server, you will need to grant the service account permissions to detect services on the remote SQL computer

 

This is how:

 http://social.technet.microsoft.com/Forums/windowsserver/en-US/5c53eb1e-d3d8-4ac7-89ff-b7429ba78a38/how-to-manage-services-remotely

 Solution 1.

Please put the user account in the built-in administrators group on the target server. This is a simple solution to resolve the issue. Sometimes this doesn’t work if you have a policy defined.  Go to Solution 2.

Solution 2.

Set a new Group policy to grant the user with proper permission to access and view the service.

Please perform the following steps on the domain controller.

1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.

2. Find and locate the organizational unit which contains the user, Right-click on it and click Properties

3. Click the Group Policy tab, and then click New, or find existing policy. Type a name for the new Group Policy object (for example, use the name of the organizational unit for which it is implemented), and then press ENTER.

4. Click the new Group Policy object in the Group Policy Objects Links list (if it is not already selected), and then click Edit.

5. Expand Computer Configuration -> Windows Settings -> Security Settings -> System Services

6. In the right pane, double-click the target service to that you want to apply permissions. The security policy setting for that specific service is displayed.

7. Click to select the "Define this policy setting" checkbox.

8. Click "Edit Security"

9. Add the user account and grant it with "Start, stop and pause" and "Read" permissions to the user account that you want to access the service remotely, and then click OK.

10. Under "Select service startup mode", click "Automatic" startup mode option, and then click OK.

11. Close the Group Policy Object Editor, click OK, and then close the Active Directory Users and Computers tool.

12. Please run "gpupdate /force" on both the DC and the client to make the GPO settings come into effect.

13. Reset the problematic client and then check if the issue can be resolved.

 

More on Rights: http://msdn.microsoft.com/en-us/library/windows/desktop/ms685981(v=vs.85).aspx

 

Even more on Rights: http://serverfault.com/questions/55961/is-it-possible-to-use-group-policy-to-grant-the-permission-to-manage-windows-ser

 

Continue with the installation procedures.

 

Applies To
  • Add2Exchange Enterprise