16.11.09

Exchange Server 2003 fun

Well with my new job in NY being very Microsoft centric I have run into the normal bevy of MS related issues. Namely random crashes, corruption and crap, I like to call it C3. The latest has been a blast to deal with.

How to add yourself as an Exchange Full Administrator without using ESM Delegation in my case this was because I couldn't use the ESM Delegation Wizard

Original issue: An Exchange mailbox had been corrupted and I needed to restore it from a backup. So I thought this should be easy(wrong).

Actions: I setup a Recovery Group just like I was supposed to and mounted the store recovered the mailbox etc.

Problem created: When trying to add a new user the new user's mailbox is created in the recovery group. This has to be one of the dumbest designs ever but, fine I will just delete the recovery group that I created and then recreate the user. Halt! Microsoft decided that is not a good idea and even though I created the RG I can't delete it, mind you I am logged in as a Local/Domain/Enterprise Admin so I should have super powers right? Nope.

Microsoft restricted that aspect to only Exchange Full Administrators(EFA). Fine, I looked around and figured out how to add an account as an EFA, this should be easy right? Wrong.
You cannot add an account to be a EFA unless you have an account and login credentials for an EFA. Now what? Off to Google I go.

A solution finally!
1. Log into the Exchange server with local/domain/ad admin rights
2. Run regedit and navigate to HKEY_CURRENT_USER\Software\Microsoft\Exchange\ExAdmin
3. Create a new dword called ShowSecurityPage
4. Set the value from 0 to 1
5. Close the ESM if open
6. (re)Open the ESM
7. Right click on your Exchange Organization, select properties, Add the desired account with FULL access.
8. Go to your recovery group and delete the database then the recovery group itself

Now you are able to add your desired users and they will be added to the correct database

What a mess...