Archive for the Exchange 2010 Category

While working with my ConfigMgr 2012 lab environment, I figured why not take a look at the new mobile device management capabilities. This would provide me the option to manage mobile devices from within ConfigMgr instead of managing these through Exchange.

When I first tried to configure this setting, I couldn’t get it to work properly since I didn’t entirely know which rights I should give to this new user account that I created for this connector. After trying a couple of combinations, I got it to work; however this was a way to over-privileged account which is far from the desired result. So I began searching again, and found a script on the TechNet Gallery created by the Exchange Team, which created a role group and management roles within Exchange and then adds a user to it, for the Windows Intune Exchange Connector. This was very close to what I was looking for, however Windows Intune requires access to more cmdlets than ConfigMgr does. So I edited the script slightly to reflect the names used for the role group and the management roles for ConfigMgr usage and removed the unnecessary cmdlets. The result is that the user account that will be added to this role group, now only has the minimum rights as needed to perform the device management features from within ConfigMgr 2012.


I’ve uploaded the modified version of this script onto the TechNet library, which you can find at the following location: link.

As for how to configure the Exchange Connector within the ConfigMgr 2012 Console, you can add these from the Administration View > Hierarchy Configuration > Exchange Server Connectors.

  • Click “Add Exchange Server”
  • Specify a CAS server in the format: http://fqdn
  • Click next.
  • For the user account to be used, specify an account to connect to the Exchange Server
  • If you have not already added an account within the Security > Accounts section, you’ll have to add a new account. This account needs to be the same account that was used when executing the script to provision it with the proper user rights.
  • Click next, configure the discovery settings if applicable, then configure the group settings for device management (these pages can be accessed at a later time again by opening the properties of the Exchange Connector).
  • After pressing next at the summary screen, the process will start and add the connector to the management console.


I hope you found this as useful as I did, since it will save me a lot of time anytime I will need to configure this for a lab or demo environment.

Kind regards,

Stephan Schwarz