Create a Superuser Account for Microsoft Exchange 2013 or 2016

If you are using a Microsoft Exchange Server as an email server, you can configure a Superuser account to access the individual email accounts. This eliminates the need for users to maintain passwords on the NuPoint UM system. Instead, they are required to create and update passwords in one place only: Microsoft Outlook.

NuPoint UM supports a feature called Client Throttling on MS Exchange. You can use it to give the Superuser enhanced access to server resources.

Creating a Superuser Account

To create the NPUM Admin Superuser account on the Active Directory platform with MS Exchange Server:

  1. Log in to the Exchange Management Console to create a new user and an Exchange mailbox. You must have the rights to create new users.

  2. In the Exchange Management Console, select Recipient Configuration > Mailbox > New Mailbox > User Mailbox > New User.

  3. In the first New Mailbox window, enter NPUMAdmin in the First Name, User logon name (User Principal Name) and User logon name (pre-Windows 2000) fields. Note: The NPUMAdmin name is case sensitive.

  4. Enter a password in the Password and Confirm Password fields, then click Next.

  5. Enter the mailbox settings for a mailbox on your system, and then click Next.

  6. When the next window appears, click Finish.

  7. Ensure that the NPUMAdmin account can be seen on Exchange address lists. (Right-click on the NPUMAdmin user to access Properties. On the General tab, ensure that the Hide From Exchange address lists check box is cleared.)

Adding the Superuser Account to Active Directory Groups

To add the Superuser account to Active Directory Groups:

  1. Log in to the Active Directory Users and Computers tool.

  2. Locate the NPUM Admin Superuser account.

  3. Add the account as a member of the following group for Exchange:

    Organization
Management, ExchangeLegacyInterop

Setting Up Permissions for the Superuser Account

To set permissions for the Superuser account, on a computer that has Exchange Management Shell installed:

  1. Launch Exchange Management Shell. Do not use Windows Powershell.

  2. At the MSH prompt, enter the following information on one line:

    Get-OrganizationConfig | Add-AdPermission -user NPUMAdmin -accessRights GenericRead -extendedrights "Read metabase properties","Create named properties in the information store","View information store status","Administer information store","Receive as","Send as"

    Note: By default these permissions will be applied to all sub-containers. Do not change this setting.

  3. Make sure that the NPUMAdmin account is a member of Domain Users only.

    Note: To confirm that the account has been set up correctly, repeat step 2. You should receive a message saying "Already Complete."

  4. At the MSH prompt, enter the following information to give full access rights to the Superuser account:

    get-mailbox
-ResultSize Unlimited | add-MailboxPermission -user NPUMAdmin
-accessRights FullAccess
    Note:

    • Entering the above-noted command enables the NPUMAdmin account to have access to all mailboxes currently on the Exchange Server. If new users are added after this command has been run, then the command must be run again to grant full access rights.

    • Full Access permissions are not granted until the Microsoft Information Store service caches the permissions and updates the cache, which can take up to two hours. To grant the permissions immediately, stop and then start the Microsoft Exchange Information Store service on the Exchange Server. See http://technet.microsoft.com/en-US/library/aa996343(EXCHG.80).aspx for more details.

Configuring the Client Throttling Policy

You can configure a client throttling policy to give the Superuser enhanced access to the server resources.

Exchange 2013 SP1

Note: In the following procedure, NPUMAdmin is the Superuser account name.

To configure the client throttling policy for 2013 SP1:

  1. Access the Exchange Management Shell.

  2. Run the following command to set the RCAMaxConcurrency value to zero, allowing unlimited concurrent connections for the superuser account:

    new-throttlingpolicy
-name NPUMAdminPolicy -RCAMaxConcurrency Unlimited

  3. Run the following command to apply the new client throttling policy to the superuser account:

    set-mailbox -identity NPUMAdmin -throttlingpolicy NPUMAdminPolicy

    To confirm that the client throttling policy is set correctly:

  4. Access the Exchange Management Shell.

  5. Run the following command to show the client throttling policy for the NPUMAdminPolicy Superuser account:

    Get-ThrottlingPolicy -identity NPUMAdminPolicy | Format-List

  6. Run the following command to show all client throttling policies:

    Get-ThrottlingPolicy
 | Format-List
Parent topic: About NuPoint Unified Messaging (For on-premise deployments only)