Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

How to change the Exchange Server service account


View products that this article applies to.

Summary

This article describes how to change the Microsoft Exchange Server service account after the initial Exchange Server installation.

Microsoft does not recommend that you change the Exchange Server service account. However, in certain circumstances, you may have to perform this task. For more information about how to change the Exchange Server 5.5 service account, click the following article number to view the article in the Microsoft Knowledge Base:
266041 The "How to Change the Exchange Server 5.5 service account" white paper is available

↑ Back to the top


More information

Important After much consideration, Microsoft does not support changing the Exchange Server 5.5 service account. If you experience a bug when you follow this procedure, there will be no hotfix support. Before you implement the procedure in a production environment, make sure that you test the procedure in a lab environment to make sure that no problems will occur.

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Warning If you use the raw mode of the Exchange Server Administrator program (admin /r) incorrectly, serious problems may occur that may require you to reinstall Microsoft Windows NT Server, Microsoft Exchange Server, or both. Microsoft cannot guarantee that problems that result from using raw mode incorrectly can be solved. Use raw mode at your own risk.

You may find that your Microsoft Windows NT administrator account is the Exchange Server service account some time after installation. To change the Exchange Server service account without reinstalling Exchange Server:
  1. Create a new Windows NT account that will be the new Exchange Server service account. Give this account Act as Part of the Operating System, Logon as a Service, and Restore Files and Directories rights. The password must be the same as the current Exchange Server service account password.
  2. Start the Microsoft Exchange Server Administrator program in raw mode by typing the following at a command prompt:
    c:\exchsrvr\bin\admin /r
  3. Assign the new account Service Account administrator permissions on the Organization container, Site container, and Configuration container property pages.
  4. Add the new account to the Schema object:
    1. View the raw directory. To do so, on the View menu, click Raw Directory. After you click Raw Directory, a check mark is displayed on the View menu in front of Raw Directory.
    2. A new object called the Schema object is displayed in the directory tree at the site level. Click the Schema object, and then click Raw Properties on the File menu.
    3. Under List attributes of type, click to select All.
    4. Click to select Object Attribute, scroll down to NT-Security-Descriptor, and then click Editor.
    5. Under Attribute Editor Selection, click to select NT Security Descriptor, and then click OK.
    6. Add the new account.
    7. Click OK.
    8. Click OK, click Apply, and then click OK.
    9. Click Set, click Apply, click OK, click Yes, and then click OK.
    10. Close the Microsoft Exchange Administrator Console.
  5. If the new account is not a member of the Local Administrators group, give the new account Full Control on the following registry keys and subkeys:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

    HKEY_USERS
    To do this, you need to edit the registry.

    Start Registry Editor (Regedt32.exe), click to select each key, and then perform the following steps:
    1. Click Security, and then click Permissions.
    2. Click Replace Permission on Existing Subkeys.
    3. Click Add.
    4. Click the new account in the Add Users and Groups list.
  6. Stop the Exchange Server services.
  7. In Control Panel, double-click Services and change the Log On account for each Exchange Server service. To do this, click each Exchange Server service, click Startup, and change the Log On As account. Enter the password for each service.
  8. Restart all of the Exchange Server services. All of the services should start with the new Exchange Server service account.
If you want to change the password, you can change it by using the Exchange Server Administrator program, in the Configuration property page. You must also change the password in Windows NT by using the User Manager for Domains utility.

Under the C:\Exchsrvr folder, there are five shared folders (the Add- ins, Address, Connect, Res, and Tracking.log folders). For proper operation, the default permissions on these folders are the following:
  • Administrator: Full Control
  • Everyone: Read
  • service_account: Full Control
You need to change the permissions on these folders to reflect the new service account that is in use.

Note This procedure also works on a Windows 2000, Exchange 5.5 cluster server implementation.

↑ Back to the top


Properties

Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.

↑ Back to the top


Keywords: KB152808, kbusage, kbhowto

↑ Back to the top

Article Info
Article ID : 152808
Revision : 9
Created on : 10/28/2006
Published on : 10/28/2006
Exists online : False
Views : 462