Setting up a Full Read Microsoft Exchange On-Premises Account

You need to set up a Microsoft Exchange on-premises account to crawl many mailboxes using a single source. This account must have read access on all the mailboxes and all the public folders that you want to include.

Create a dedicated account for Coveo Cloud. We recommend that you use an account whose password never expires to avoid crawling issues. Otherwise, you must update the password in the user identity after each password change.

To set up a full read Microsoft Exchange on-premises account to retrieve federated users’ mailboxes:

If your users are cloud-based, see Cloud-based users.

This method grants read permissions to the crawling account for all existing mailboxes, but also automatically for all mailboxes that will be created in the future.

  1. On the Microsoft Exchange Server, open the Exchange Management Shell.

  2. Run the following command, and then note the value for the Identity parameter:


  3. Run the following command:

    Add-ADPermission -user [crawling_account] -Identity [Identity] -AccessRights ReadProperty, GenericExecute -ExtendedRights "Receive-As"

    where you replace:

    • [crawling_account] with the name of your crawling account, or probably a best practice, by the name of a dedicated Active Directory group containing only your crawling account.

    • [Identity] with the value that you noted for the Identity parameter from the first command.

Method 2: Plan B

This Exchange Management Shell command applies the permissions to currently existing users. You must therefore repeat this procedure each time a new mailbox is added to Exchange to ensure that the crawling account gains access to the new mailbox content.

It’s therefore recommended to schedule an automatic procedure execution at an appropriate time interval.

  1. Ensure that the crawling account has an active mailbox on a Microsoft Exchange server.

  2. On the Microsoft Exchange Server, open the Exchange Management Shell.

  3. Type the following command to give sufficient rights to a user to crawl using WebDAV or WebServices:

    get-mailbox -ResultSize Unlimited | Add-MailboxPermission -User ‘mydomain\myuser’ –AccessRights FullAccess

    where you replace domain\user with the user that you want to use to crawl the Microsoft Exchange content.

What’s Next?

In the Coveo Administration Console, add an Exchange Enterprise source (see Add or Edit an Exchange Enterprise Source).

Recommended Articles