Topic Last Modified: 2005-07-08

The Microsoft® Exchange Server Best Practices Analyzer Tool can only access the Active Directory® directory service and the Exchange servers if you run the tool using credentials that have all the required permissions.


To successfully run the Exchange Server Best Practices Analyzer, you must have the following permissions:

  • Domain Administrator, or a member of the Builtin\Administrators group on the Active Directory server, for enumerating Active Directory information and calling the Microsoft Windows® Management Instrumentation (WMI) providers on domain controller and global catalog servers.

  • Member of Local Administrators group on each Exchange server for calling the WMI providers and accessing the registry and metabase.

  • Delegated at least Exchange View Only Permissions on the Exchange organization.

If you log on to the computer on which you will run the Exchange Server Best Practices Analyzer with an account that does not have sufficient permissions, you have two options:

  1. Use the runas command to open a Command Prompt window that will run under an account that does have sufficient permissions, and then start the tool from this window. The syntax for this is the following:

    runas /netonly /user:<domain>\<username> exbpa.exe

  2. Set the credentials for the accounts you will use on the Connect to Active Directory page in the tool. Click Show advanced login options to expand the options. You can enter two accounts, one for connecting to Active Directory, and one for connecting to the Exchange servers. If you do not specify one or the other of these accounts, the account under which the tool is running will be used.

See Also