Tuesday, February 1, 2011

Using the ECP with a Non-Mailbox Enabled Account

The Exchange Control Panel (ECP) was designed to allow administrators and users the ability to perform common management tasks within Exchange 2010 without installing any Management Tools.  This is a great option that the Exchange team included with Exchange 2010.

With Exchange 2010 RTM, it was not possible to log into the ECP unless the user logging in had a mailbox.  This is ok for most users since one of the design goals of ECP was to provide a way for users to “self-service” their account.  Users can get to the ECP by selecting Options –> See All Options…within OWA.

ECP-NoMail-OWAoptions

ECP-NoMail-OWAoptions-click

Where this breaks down is that best practices state that users which require administrative rights should split accounts so that the user has an everyday account (that is mail enabled) and a privileged account (that is not mail enabled).  With Exchange 2010 RTM, this pushed administrators to enable their administrator accounts for email or just use their everyday account to administer Exchange.

Starting with Exchange 2010 SP1, non-mail enabled accounts can now log into the ECP.  As an example, the following user ExchangeAdmin is a member of Organization Management and does not have an email account.

ECP-NoMail-memberof

Most users access the ECP from the Options menu in OWA.  If ExchangeAdmin tries to log into OWA, they will get the following error:

ECP-NoMail-owaerror

In order for the ExchangeAdmin to be able to log into ECP, they will need to use the URL that takes them directly to the ECP to log in.  In my example, this is https://mail.lab.com/ecp.  The non-mail enabled account can now log in and access the ECP:

ECP-NoMail-ecplogin

Now with Exchange 2010 SP1, non-mailbox enabled accounts can log in to the ECP.

6 comments:

  1. Great post. Unfortunately for us we need to give an external domain NT account access to share mailbox in exchange resource domain.
    We do not want a mailbox for externaldomain\user.
    We want him to use https://webmail/sharedmailbox@address.com. Perms are correctly asigned but uer cannot use webmail - but they can access the mailbox via outlook. annoying and no solution found yet.

    ReplyDelete
  2. An amusing thing occur in any case while everybody and their sibling were surrounding the carts and getting ready to fend off the Calvary; Someone found by joining a blend of the conventions, that the achievement rate improved. From the start, it was essentially fusing a multi day in-living arrangement liquor rehab focus with state catch up with AA gatherings. The outcomes hopped rather significantly. Now and again, it moved to as high as 73% while different investigations demonstrated an expansion to higher than 75%. They were on to something. Include two or three additional fixings, for example, instructive convention and conduct change and the numbers went into the Eighties.
    recovery quotes
    rehab quotes

    ReplyDelete