Permissions that you must have to install components in Exchange Server 2003
| Article ID | : | 828765 |
| Last Review | : | November 8, 2005 |
| Revision | : | 2.2 |
SUMMARY
The permissions that you must have to install Microsoft
Exchange Server components have changed in Microsoft
Exchange Server 2003. This article discusses those
permissions. See the table in the "More Information" section
of this article to determine the permissions that you must
have to install certain Exchange Server 2003 components.
MORE INFORMATION
The following table lists the Microsoft Active Directory
directory service permissions that you must have to perform
certain Exchange Server 2003 Setup operations:
| Setup operation | Active Directory permissions that you must have |
| To install the first Exchange Server 2003 computer in the domain | Exchange Full Administrator permissions at the organization level |
| To install the first Exchange Server 2003 computer in a Microsoft Exchange 5.5 Server site that is enabled for Site Replication Service (SRS) | Exchange Full Administrator permissions at the organization level |
| To remove or to reinstall Exchange Server 2003 together with SRS | Exchange Full Administrator permissions at the organization level |
| To run the setup /forestprep command together with schema update in a forest | Enterprise Admin permissions together with Schema Admin permissions |
| To run Active Directory Connector (ADC) Setup when an older schema is detected | Enterprise Admin permissions together with Schema Admin permissions |
| To run ADC Setup when ADC Setup is used with the explicit schemaonly option | Enterprise Admin permissions together with Schema Admin permissions |
| To run subsequent setup /forestprep operations | Exchange Full Administrator permissions at the organization level |
| To run the setup /forestprep command in a domain | Domain Administrator permissions |
| To install the first instance of the Microsoft Exchange Connector for Novell GroupWise, or to install the first instance of the Microsoft Exchange Connector for Lotus Notes in the Exchange organization | Exchange Full Administrator permissions at the organization level |
| To remove Key Management Server (KMS) from a Microsoft Exchange 2000 Server computer so that you can perform an in-place upgrade to Exchange 2003 | Enterprise Admin permissions |
| To install, to maintain, or to remove an Exchange computer that has SRS enabled | Exchange Full Administrator permissions at the organization level |
| To install an additional Exchange computer that does not have SRS enabled, or to install an Exchange virtual server on a server cluster | Exchange Full Administrator permissions at the Administrative Group level together with permissions to add the computer account to the Domain Servers group |
| To run maintenance mode operations on a computer, except for Key Management Server computers or computers that have SRS enabled | Exchange Full Administrator permissions at the Administrative Group level |
| To remove a computer that does not have SRS installed | Exchange Full Administrator permissions at the Administrative Group level together with permissions to remove the computer account from the Domain Servers group after Setup is complete |
| To remove the last computer in an organization | Exchange Full Administrator permissions at the organization level |
| To apply a service pack to Exchange Server 2003 | Exchange Administrator permissions at the Administrative Group level |
In Exchange Server 2003, Exchange Full Administrator
permissions at the Administrative Group level permit the
following:
- New computer installations
- Installation of service packs and hotfixes
- Removal of most Exchange computers from that administrative group
However, there are still exceptions. You still must have Exchange Full Administrator permissions at the organization level when you install SRS or when you install the first Exchange Server 2003 computer in a domain. When the first Exchange Server 2003 computer is installed in a domain, the Exchange Server 2003 computer must set the access control entries (ACE) for the Exchange Domain Servers of that group on the organization-level object. Therefore, the user who runs Setup must have full permissions to the organization object.
APPLIES TO
- Microsoft Exchange Server 2003 Enterprise Edition
- Microsoft Exchange Server 2003 Standard Edition