Microsoft KB Archive/152808

= How to change the Exchange Server service account =

Article ID: 152808

Article Last Modified on 10/28/2006

-

APPLIES TO


 * Microsoft Exchange Server 4.0 Standard Edition
 * Microsoft Exchange Server 5.0 Standard Edition
 * Microsoft Exchange Server 5.5 Standard Edition

-



This article was previously published under Q152808





Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SUMMARY
This article describes how to change the Microsoft Exchange Server service account after the initial Exchange Server installation.

Microsoft does not recommend that you change the Exchange Server service account. However, in certain circumstances, you may have to perform this task. For more information about how to change the Exchange Server 5.5 service account, click the following article number to view the article in the Microsoft Knowledge Base:

266041 The "How to Change the Exchange Server 5.5 service account" white paper is available



MORE INFORMATION
Important After much consideration, Microsoft does not support changing the Exchange Server 5.5 service account. If you experience a bug when you follow this procedure, there will be no hotfix support. Before you implement the procedure in a production environment, make sure that you test the procedure in a lab environment to make sure that no problems will occur.

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Warning If you use the raw mode of the Exchange Server Administrator program (admin /r) incorrectly, serious problems may occur that may require you to reinstall Microsoft Windows NT Server, Microsoft Exchange Server, or both. Microsoft cannot guarantee that problems that result from using raw mode incorrectly can be solved. Use raw mode at your own risk.

You may find that your Microsoft Windows NT administrator account is the Exchange Server service account some time after installation. To change the Exchange Server service account without reinstalling Exchange Server:

 1. Create a new Windows NT account that will be the new Exchange Server service account. Give this account Act as Part of the Operating System, Logon as a Service, and Restore Files and Directories rights. The password must be the same as the current Exchange Server service account password.
 2. Start the Microsoft Exchange Server Administrator program in raw mode by typing the following at a command prompt:

    c:\exchsrvr\bin\admin /r

 3. Assign the new account Service Account administrator permissions on the Organization container, Site container, and Configuration container property pages.
 4. Add the new account to the Schema object:
    a. View the raw directory. To do so, on the View menu, click Raw Directory. After you click Raw Directory, a check mark is displayed on the View menu in front of Raw Directory. A new object called the Schema object is displayed in the directory tree at the site level.
    b. Click the Schema object, and then click Raw Properties on the File menu.
    c. Under List attributes of type, click to select All.
    d. Click to select Object Attribute, scroll down to NT-Security-Descriptor, and then click Editor.
    e. Under Attribute Editor Selection, click to select NT Security Descriptor, and then click OK.
    f. Add the new account.
    g. Click OK.
    h. Click OK, click Apply, and then click OK.
    i. Click Set, click Apply, click OK, click Yes, and then click OK.
    j. Close the Microsoft Exchange Administrator Console.
 5. If the new account is not a member of the Local Administrators group, give the new account Full Control on the following registry keys and subkeys:

    '''HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'''

    '''HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services'''

    '''HKEY_USERS'''

    To do this, you need to edit the registry. Start Registry Editor (Regedt32.exe), click to select each key, and then perform the following steps:
    a. Click Security, and then click Permissions.
    b. Click Replace Permission on Existing Subkeys.
    c. Click Add.
    d. Click the new account in the Add Users and Groups list.
 6. Stop the Exchange Server services.
 7. In Control Panel, double-click Services and change the Log On account for each Exchange Server service. To do this, click each Exchange Server service, click Startup, and change the Log On As account. Enter the password for each service.
 8. Restart all of the Exchange Server services. All of the services should start with the new Exchange Server service account.
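The following added example is not part of the original Microsoft article. It checks the outcome of the last two steps by reading a REGEDIT4 text export of the Services key and listing every Exchange service whose Log On As account (the ObjectName value) is not the new service account. The account names, the sample export, and the "MSExchange" service-name prefix used as a filter are assumptions made for the illustration.

```python
import re

# Constructed sample: excerpt of a REGEDIT4 text export of
# HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services (not from a real server).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeSA]
"DisplayName"="Microsoft Exchange System Attendant"
"ObjectName"="CORP\\exsvc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeDS]
"ObjectName"="CORP\\exsvc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS]
"ObjectName"="CORP\\Administrator"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\Security]
"Security"=hex:01,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"ObjectName"="LocalSystem"
'''

SERVICES = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"ObjectName"="(.*)"$')

def service_accounts(export_text, prefix="MSExchange"):
    """Map each service whose name starts with prefix to its ObjectName."""
    accounts, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            name = path[len(SERVICES):] if path.upper().startswith(SERVICES.upper()) else ""
            # Only a direct child of Services is a service; subkeys are skipped.
            is_service = name and "\\" not in name and name.lower().startswith(prefix.lower())
            current = name if is_service else None
            if current:
                accounts.setdefault(current, None)
        elif current and VALUE_RE.match(line):
            # .reg exports escape each backslash in a string value as two.
            accounts[current] = VALUE_RE.match(line).group(1).replace("\\\\", "\\")
    return accounts

def stale_services(export_text, expected_account):
    """Services with no ObjectName or one that differs from expected_account."""
    return sorted(name for name, acct in service_accounts(export_text).items()
                  if acct is None or acct.lower() != expected_account.lower())

if __name__ == "__main__":
    print(stale_services(SAMPLE_EXPORT, "CORP\\exsvc"))
```

A service listed by stale_services still logs on with the old account (or has no account recorded) and needs its Log On As setting corrected before the old account is restricted or removed.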

If you want to change the password, you can change it by using the Exchange Server Administrator program, in the Configuration property page. You must also change the password in Windows NT by using the User Manager for Domains utility.

Under the C:\Exchsrvr folder, there are five shared folders (the Add-ins, Address, Connect, Res, and Tracking.log folders). For proper operation, the default permissions on these folders are the following:
 * Administrator: Full Control
 * Everyone: Read
 * : Full Control

You need to change the permissions on these folders to reflect the new service account that is in use.

Note This procedure also works on a Windows 2000, Exchange 5.5 cluster server implementation.

Keywords: kbhowto kbusage KB152808


© Microsoft Corporation. All rights reserved.