Using the ECP with a Non-Mailbox Enabled Account
February 1, 2011
Quisitive

The Exchange Control Panel (ECP) was designed to let administrators and users perform common management tasks within Exchange 2010 without installing any Management Tools. This is a great option that the Exchange team included with Exchange 2010.

With Exchange 2010 RTM, it was not possible to log into the ECP unless the user logging in had a mailbox. This is fine for most users, since one of the design goals of the ECP was to provide a way for users to “self-service” their account. Users can get to the ECP by selecting Options > See All Options… within OWA.

This breaks down for administrators. Best practice is for users who require administrative rights to split their accounts, so that each has an everyday account (that is mail enabled) and a privileged account (that is not mail enabled). With Exchange 2010 RTM, this pushed administrators to either enable their administrator accounts for email or use their everyday account to administer Exchange.

Starting with Exchange 2010 SP1, non-mail enabled accounts can now log into the ECP.  As an example, the following user ExchangeAdmin is a member of Organization Management and does not have an email account.

Most users access the ECP from the Options menu in OWA.  If ExchangeAdmin tries to log into OWA, they will get the following error:

For ExchangeAdmin to log into the ECP, they need to use the URL that takes them directly to the ECP. In my example, this is https://mail.lab.com/ecp. The non-mail enabled account can now log in and access the ECP:

Now with Exchange 2010 SP1, non-mailbox enabled accounts can log in to the ECP.
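
To check which members of Organization Management actually follow the split-account practice described above, the role group can be audited from the Exchange Management Shell. This is an added example, not part of the original post; the finding texts and the `$roleGroup` variable are illustrative assumptions, and nested groups are reported but not expanded.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2010 SP1 or later).
# Flags members of a management role group whose privileged account is also
# mailbox-enabled, which defeats the everyday/privileged account split.

$roleGroup = 'Organization Management'   # role group named in the article

$report = Get-RoleGroupMember -Identity $roleGroup | ForEach-Object {
    $member = $_
    # RecipientType may arrive as an enum or a string; normalise to a string.
    $type = [string]$member.RecipientType

    $finding = switch -Wildcard ($type) {
        '*Mailbox' { 'Mailbox-enabled privileged account'; break }
        '*Group'   { 'Group: members not expanded, review separately'; break }
        'User'     { 'OK: no mailbox, sign in at the /ecp URL directly'; break }
        default    { 'Review: mail-enabled or unexpected recipient type' }
    }

    # New-Object is used instead of [pscustomobject] so this also runs on
    # the PowerShell 2.0 engine that Exchange 2010 uses.
    New-Object PSObject -Property @{
        Name          = $member.Name
        RecipientType = $type
        Finding       = $finding
    }
}

# Show the full picture, then list only the accounts that need attention.
$report | Select-Object Name, RecipientType, Finding | Format-Table -AutoSize

$needsAttention = @($report | Where-Object { $_.Finding -notlike 'OK:*' })
if ($needsAttention.Count -gt 0) {
    Write-Warning ("{0} member(s) of '{1}' need review." -f $needsAttention.Count, $roleGroup)
}
```

An account such as ExchangeAdmin from the article should show a RecipientType of `User` and the OK finding.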