HP OpenView Storage Mirroring High Availability for Exchange Server 2000/2003 Application Notes (May 2005, T2558-88020)

Appendix 4: Security requirements
When performing failover operations, the Storage Mirroring software is designed to operate with Failover
Control Center running under the LocalSystem account, the same account used by the Microsoft Exchange
System Attendant service. This configuration should provide sufficient permissions for most operations that
occur during failover, including DNS updates, SPN updates, changes to the Active Directory schema, and
updates to mailbox properties for each user.
NOTE: Depending on your environment, a lower level of permissions may be applied.
SPN updates
Failover
During failover, the source server's Active Directory SPNs will be moved to the target server's Active
Directory object. In order to accomplish this, the Write servicePrincipalName permission on the
source's computer account in Active Directory must be assigned to the account that will modify the SPNs,
which can be either of the following:
• The target's Storage Mirroring service logon account. If the target's Storage Mirroring service is
  configured to log on as the System account, the target's Active Directory computer account should be
  assigned the permissions.
• The account specified in the failover monitor configuration.
Write or Full Control permissions (which are assigned to Domain Administrators by default) can also be
used to assign Write servicePrincipalName permissions.
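
One way to assign only the Write servicePrincipalName permission described above, for the case where the target's Storage Mirroring service logs on as System, and then list every principal that can write the source's SPNs. This is an added example, not part of HP's notes; it assumes the ActiveDirectory PowerShell module is installed, that the caller may edit the ACL on the source's computer account, and that the computer names are Indy and ExchSrvr_Bkup as in the command examples in these notes.

```powershell
# Added example, not from the original notes. Assumed: RSAT ActiveDirectory
# module, computer names Indy (source) and ExchSrvr_Bkup (target).
Import-Module ActiveDirectory

$source = Get-ADComputer -Identity 'Indy'            # account whose SPNs are moved
$target = Get-ADComputer -Identity 'ExchSrvr_Bkup'   # account that will modify them

# Look up the schema GUID of the servicePrincipalName attribute so the ACE
# covers that one attribute and nothing else on the object.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$spnAttr  = Get-ADObject -SearchBase $schemaNC `
                -LDAPFilter '(lDAPDisplayName=servicePrincipalName)' `
                -Properties schemaIDGUID
$spnGuid  = [guid]$spnAttr.schemaIDGUID

# Allow ACE: WriteProperty on servicePrincipalName only, for the target's
# computer account (the identity used when the service logs on as System).
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $target.SID,
    [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $spnGuid)

$path = "AD:\$($source.DistinguishedName)"
$acl  = Get-Acl -Path $path
$acl.AddAccessRule($rule)
Set-Acl -Path $path -AclObject $acl

# Review the result: every Allow entry that can write servicePrincipalName,
# either through an attribute-scoped ACE or through a broader Write or
# Full Control entry (ObjectType is the empty GUID for those).
$rights = [System.DirectoryServices.ActiveDirectoryRights]
(Get-Acl -Path $path).Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $rights::WriteProperty) -and
        ($_.ObjectType -eq $spnGuid -or $_.ObjectType -eq [guid]::Empty)
    } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, IsInherited
```

The final listing should show the target's computer account with an entry scoped to the servicePrincipalName GUID, alongside any principals that already hold Write or Full Control on the object.
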
Examples
exchfailover -failover -s Indy -t ExchSrvr_Bkup
exchfailover -failover -s Indy -t ExchSrvr_Bkup -r
exchfailover -failover -s Indy -t ExchSrvr_Bkup -r Sales:Indy_Sales
exchfailover -failover -s Indy -t ExchSrvr_Bkup -r Sales, Inside:Indy_Sales, Inside -r Sales, Outside:Indy_Sales, Outside
exchfailover -failover -s Indy -t ExchSrvr_Bkup -r Sales:Indy_Sales -norus -u administrator:password
exchfailover -failover -s Indy -t ExchSrvr_Bkup -o options_file.txt
Notes
• When using the -failback option, the source-related options pertain to your original source or
  what will become the new source, if the original source had to be replaced. The target-related options
  pertain to the target that is currently standing in for the source.
• The password specified with the -u option is the only case-sensitive option in this command.