Bookshelf Home | Contents | Index | PDF     

Siebel Server Sync Guide > Configuring Siebel Server Sync >

Configuring Exchange Service Account Credentials

The Exchange Connector uses the credentials of the user name it runs under to interact with all of the Exchange mailboxes in the Active Directory forest (one or more Active Directory domains that share certain characteristics and information). This user is required to have an activated Exchange mailbox account. Additionally, this user must have special mailbox access privileges in order to access other users' activated Exchange mailboxes. For more information about these privileges, see About Exchange Service Account Privileges.

The task of configuring these credentials is a step in Process of Configuring SSSE.

Before you configure the credentials for your Exchange service account, use the following procedure to check whether your account will need Send As privileges in addition to full mailbox access. Some versions of Microsoft Exchange implicitly grant Send As privileges along with full mailbox access, and other versions do not. The Exchange service account needs either implicit or explicit Send As privileges.

Determining whether to grant Send As privileges to your Exchange service account

  1. Determine which version of Microsoft Exchange your Exchange server is running, and complete the appropriate following substep:
    • For Microsoft Exchange 2003, review Article #895949 on the Microsoft Support Web site, "Send As" permission behavior change in Exchange 2003 (http://support.microsoft.com/kb/895949).
    • For Microsoft Exchange 2000, review Article #915358 on the Microsoft Support Web site, A hotfix is available to change the behavior of the Full Mailbox Access permission in Exchange 2000 Server (http://support.microsoft.com/kb/915358/).
  2. Determine which version of Store.exe your Exchange server is running.
    • For Microsoft Exchange 2000 Server Service Pack 3 (SP3) and Store.exe version 6619.4 or higher, plan to grant your Exchange service account explicit Send As privileges.
    • For Microsoft Exchange Server 2003 Service Pack 1 and Store.exe file version of 7233.51 or higher, plan to grant your Exchange service account explicit Send As privileges.

      You will use this information in a later procedure.

The following procedures describe two ways of configuring the necessary credentials: a method that uses a script, and a manual method.

  • Script Method. The method that uses a script is recommended if you need to provide the Connector application with access to many users' mailboxes, as would be typical during deployment of SSSE. However, if you need to grant Send As privileges explicitly, you may need to modify the script that is supplied by Oracle. For more information about Send As privileges in various versions of Microsoft Exchange, see one or both of the articles that are listed in Step 1.
  • Manual Method. The manual method is recommended if you only need to grant access to a few users' mailboxes, such as when you want to enable synchronization for a few new employees.

NOTE:  You can run the Exchange Connector application under the same user as the PIMSI Engine component, or under a different user. Using different users separates Siebel security settings and Exchange security settings as much as possible.

Configuring Credentials Using a Script

The following procedure uses the ssse_exchange2k3_permissions.vbs script to configure the security settings that grant access to other users' mailboxes for the user that the Exchange Connector application runs under.

To configure Exchange service account credentials using a script

  1. Verify that the user that the Exchange Connector will run under has an activated mailbox on the Exchange server, or create and activate one if necessary.
  2. Log in to your Siebel application as an administrator and navigate to Site Map > Administration - PIM Server Integration > Sync Access Control > User Map.
  3. In the User Map list, verify that the column names appear in the following order:
    • Siebel User Login
    • PIM Server Type
    • PIM User Identifier
    • Language
    • Sync Enabled

      If necessary, use the Columns Displayed command to adjust the order of the columns.

  4. In the User Map list, select the users who will use SSSE, and then click the menu button and select Export.
  5. In the Export dialog box, choose settings as described in the following table, and then click Next.
    Setting
    Value

    Rows to Export

    All Rows in Current Query

    Columns to Export

    Visible Columns

    Output Format

    Comma Separated Text File
  6. In the File Download dialog box, click Save and then use standard Windows techniques to select an output file name and location.
  7. In the Export dialog box, click Close.
  8. Use a text editor to open the file you saved, remove the column names, and then save the file using the ANSI encoding option.
  9. Follow the directions documented in the following script file, where install_directory is the installation directory for your Siebel implementation:

    install_directory\siebsrvr\bin\ssse_exchange2k3_permissions.vbs

Configuring Credentials Manually

The following procedure describes how to manually configure the security settings that grant access to other users' mailboxes for the user that the Exchange Connector application runs under.

To configure Exchange service account credentials manually

  1. Verify that the user that the Exchange Connector application runs under has a mailbox on the Exchange server, or create one if necessary.
  2. On any machine that has the Exchange System Management Tools installed (for example, the Exchange Server or any Siebel Exchange Connector machine), start the Active Directory Users and Computers console.
  3. From the View menu, select Advanced Features.
  4. In the Tree pane, select Users.
  5. Perform the following substeps:
    1. In the Users pane, right-click the user name and choose Properties.
    2. In the user's Properties dialog box, click the Exchange Advanced tab.
    3. On the Exchange Advanced tab, click Mailbox Rights.
    4. In the Permissions for USERNAME dialog box, click Add and enter the user that SSSE is running under.
    5. Click Check Names.

      If there is no error message, click OK to return to the Permissions for USERNAME dialog box.

      If there is an error message, correct the user name before continuing.

    6. In the Names list, make sure the user is selected.
    7. In the Permissions list, select the Allow check box for Full mailbox access.
    8. If your version of Microsoft Exchange and Store.exe do not grant Send As privileges implicitly with Full mailbox access, then also select the Allow check box for Send As.
  6. Click OK twice to close the dialog boxes and put the Properties changes into effect.
  7. Repeat Step 5 and Step 6 for each user who will use SSSE.
  
Siebel Server Sync Guide Copyright © 2007, Oracle. All rights reserved.