MSExchangeGuru.com

Learn Exchange the Guru way !!!

 

Working with EAC or Exchange administration center in Exchange 2013 – Part1

Exchange Administration Center (EAC) replaces the Exchange Management Console (EMC) and the Exchange Control Panel (ECP), which were the two interfaces that were used to manage Exchange Server 2010. It is the web-based management console in Microsoft Exchange Server 2013 that allows for ease of use and is optimized for on-premises, online, or hybrid Exchange deployments.

One of the advantages of having the web-based EAC is that you can partition access from the Internet/Intranet from within the ECP IIS virtual directory to allow or disallow management features. This allows you to permit or deny access to users trying to access the EAC from the Internet outside of your organizational environment, while still allowing access to an end-user’s Outlook Web App Options

Because the EAC is now a web-based management console, you will need to access it by using your web browser using the ECP virtual directory URL. To find the ECP virtual director URL that you need to access the EAC in most cases the EAC’s URL will look similar to the following:

Internal URL: https://<CASServerName>/ecp   the internal URL is the URL that user’s access the EAC from within your organization’s firewall.

External URL: https://mail.contoso.com/ecp   the external URL is the URL that user’s access the EAC from outside of your organization’s firewall.

To find the Internal or External URL for the EAC, use the Get-ECPVirtualDirectory cmdlet

Get-ECPVirtualDirectory | Format-List Name,InternalURL,ExternalURL

If you are trying to access EAC for the first time and your mailbox is on Exchange 2010, you need to use the URL in the format:

https://Exchange2013ServerName/ecp?ExchClientVer=15

This is because in a co-existence scenario, your mailbox is still housed on the Exchange 2010 mailbox server, the browser will default to the Exchange Server 2010 ECP. Now if you want to access the Exchange 2010 ECP and your mailbox resides on an Exchange 2013 mailbox server, use the following URL:

https://Exchange2010ServerName/ecp?ExchClientVer=14.

Now let’s take a look at the tool and learn the new EAC. As soon as you launch EAC, you get the screen displaying options available in EAC. I have collated them all to give you an idea what different tabs display.

 

Recipients Tab:

Here, you have the option of managing recipients and their mailbox information. Other options include working with Groups, resource mailboxes and room mailboxes, creating and configuring contacts, Setup and manage shared mailboxes and configure Migration jobs called Migration batches.

To know which mailbox database a user is residing in Exchange 2013 you need to double click the user and click “More Options”

Now you can view:

Remember that Database is no longer a Server object but an entity of DAG, so you won’t see a specific server name here.

When you look at a mailbox object you may see several options to configure accordingly.

Permissions Tab

In the Permissions tab, you have an option to view all the default Admin roles as shown. You may also add your own admin roles. Here you can also configure User Roles and Outlook Web App policies

Compliance Management

This role group will allow a specified user, responsible for compliance, to properly configure and manage compliance settings within Exchange in accordance with their policy.

Delegated Setup

Members of this management role group have permissions to install and uninstall Exchange on provisioned servers. This role group shouldn’t be deleted.

Discovery Management

Members of this management role group can perform searches of mailboxes in the Exchange organization for data that meets specific criteria.

Help Desk

Members of this management role group can view and manage the configuration for individual recipients and view recipients in an Exchange organization. Members of this role group can only manage the configuration each user can manage on his or her own mailbox. Additional permissions can be added by assigning additional management roles to this role group.

Hygiene Management

Members of this management role group can manage Exchange anti-spam features and grant permissions for antivirus products to integrate with Exchange.

Move Mailbox

Members of this management role group can Move Mailboxes

Organization Management

Members of this management role group have permissions to manage Exchange objects and their properties in the Exchange organization. Members can also delegate role groups and management roles in the organization. This role group shouldn’t be deleted.

Public Folder Management

Members of this management role group can manage public folders. Members can create and delete public folders and manage public folder settings such as replicas, quotas, age limits, and permissions as well as mail-enable and mail-disable public folders.

Recipient Management

Members of this management role group have rights to create, manage, and remove Exchange recipient objects in the Exchange organization.

Records Management

Members of this management role group can configure compliance features such as retention policy tags, message classifications, transport rules, and more.

Server Management

Members of this management role group have permissions to manage all Exchange servers within the Exchange organization, but members don’t have permissions to perform operations that have global impact in the Exchange organization.

UM Management

Members of this management role group can manage Unified Messaging organization, server, and recipient configuration.

View-Only Organization Management

Members of this management role group can view recipient and configuration objects and their properties in the Exchange organization.

Compliance Management Tab

This feature is one of the primary reasons organizations would employ Exchange 2013. With this version of Exchange, Microsoft has taken Security practices to the next level. Prior to Exchange 2013, organizations had to invest substantial amount of money in Data Loss Prevention. With Exchange 2013, it is available out of the box. You simply need to create templates with the standards you want to implement for email security requirements. You may also purchase pre-configured templates from third party vendors and upload to your Exchange organization.

Here, you have an option to view and make changes to In-Place eDiscovery & Hold, auditing, data loss prevention, retention policies, retention tags, and journal rules.

For example, click on the Auditing tab and you have the option to:

Also, click on the tab Data Loss prevention and here you have an option to create a new policy from a template. There are several templates to choose from with pre-configured information security laws of country specific legal requirements.

To configure an MRM policy or Archive policy with Exchange 2013, click the tab retention policies:

You may also create retention tags and Journal rule here.

In this part of article we took a look at 3 major features of Exchange 2013 EAC.

To be continued…

Ratish Nair

MVP Exchange

Team @MSexchangeGuru

Keywords: Unable to access Exchange Administration center in Exchange 2013, Unable to access EAC in Exchange 2013, Unable to access EAC, Working with EAC, How to learn Exchange administration center, Exchange 2013

12 Responses to “Working with EAC or Exchange administration center in Exchange 2013 – Part1”

  1. Exchange 2013: Creating and Testing Data Loss Prevention (DLP) Policies « MSExchangeGuru.com Says:

    […] Working with EAC or Exchange administration center in Exchange 2013 – Part1: https://msexchangeguru.com/2013/01/16/eac-exchange-2013/ […]

  2. Anand Sunka Says:

    Hi Experts,

    Nice article thanks for sharing. I have installed EX13 in a testing environment on Win2008R2. I tried accessing EAC by using this link:

    https://EX2013/nuggetlab.com/ECP but it shows Outlook Web App home page only, it never shows EAC on homepage.

    After I login it shows EAC & all the settings, Tabs.
    My concern is when we try to access by using ECP link, it should show EAC on home page but it never shows but after I log off it shows EAC on home page.

    Does it shows due to any BUG in EX13?

    Asking just for information

    Regards
    Anand S

  3. ishwar Says:

    I want to give rights to an user how should be able to add and remove the users from group mailbox using ECP

  4. ishwar Says:

    need tech guru’s help

  5. Exchange 2010/2007 to 2013 Migration and Co-existence Guide « MSExchangeGuru.com Says:

    […] Working with EAC or Exchange administration center in Exchange 2013 – Part1: https://msexchangeguru.com/2013/01/16/eac-exchange-2013/ […]

  6. SteveT Says:

    Trying to install the Exchange 2013 Management tools on my Windows 7 machine,but I get this error: Either Active Directory doesn’t exist, or it can’t be contacted. Trying to run some Exchange Powershell scripts locally.

  7. Prabhat Nigam Says:

    @Steve
    Check this if it helps – http://technet.microsoft.com/en-us/library/ms.exch.setupreadiness.cannotaccessad(v=exchg.150).aspx

  8. Nara Ji Says:

    How to disable “Manage Full Access Permission ” tab in Recipient Management ?

  9. Spamhater007 Says:

    The worst part about EAC is the inability to FILTER recipients, frustrating scrolling thru 4,000 mailboxes. In 2010 EMC, I could set a filter showing only mailboxes in a specific database or specific OU. Then quickly export that to a text file.

  10. Prabhat Nigam Says:

    EMS is way to go and future of Exchange. Get used to to powershell.

  11. pinky Says:

    Hi,

    I updated the deleted user in Active Directory and moved to Hold Non-Investigation. AAD sync ran the update cycle. But I still see that user under deleted user under Exchange Admin Center.

    Please help!!
    Pinky

  12. Prabhat Nigam Says:

    There is something wrong with the sync or you need to refresh the office 365. You should open a support ticket from office 365 and let MS check your FIM (AADsync).

Leave a Reply

Categories

Archives

MSExchangeGuru.com