help understanding administrative groups.
ladiesman217
Member Posts: 416
Can someone enlighten me on how administrative groups work? Does it mean you only need 1 administrative group in a single domain and require another administrative group when working with a multiple-domain environment?
No Sacrifice, No Victory.
Comments
-
Claymoore Member Posts: 1,637
Exchange 2003 Administrative Groups form boundaries for Exchange administration and are independent of domains. You can have multiple administrative groups in a single domain or a single administrative group covering multiple domains.
Understanding Exchange Server 2003 Administrative Models
Administrative groups have been deprecated in 2007 and beyond, although all 2007 are placed in an administrative group (EXCHANGE12ROCKS in a simple Caesar cipher) for 2003 co-existence.
-
ladiesman217 Member Posts: 416
Hi Claymoore, thanks for the quick reply.
I'm currently reading the link.
No Sacrifice, No Victory.
-
rjbarlow Member Posts: 411
Administrative groups have been deprecated in 2007 and beyond, although all 2007 are placed in an administrative group (EXCHANGE12ROCKS in a simple Caesar cipher) for 2003 co-existence.
-
Claymoore Member Posts: 1,637
Why that? Is it better or worse?
IMO, it's definitely an improvement. Administrative groups were designed to help delegate and segregate administration, but they became more of a hindrance than a help. You either had rights to everything, rights to everything in your administrative group, read only rights, or no rights. Even though mailboxes could eventually be moved between administrative groups, servers could not. Combine that with the fact you need at least account operator rights to create mailboxes and you have a case where either you don't have enough permissions to do your job or you have way too many.
A very broad and inflexible rights model doesn't work well with most large organizations. If you exist in a single domain with 1 or 2 Exchange servers and only 1 admin, you probably don't care. But when you start dealing with multiple sites, servers, and political silos it becomes a pain. Now you can grant someone rights to create a mailbox but not administer a server - or vice versa - and that is an improvement.
Exchange 2010 improves this further with customized web-based administrator consoles.
-
Claymoore Member Posts: 1,637
I was catching up on some blog reading when I came across this post by a famous and well-respected member of the Exchange community about the changes in administration coming in 2010.
Exchange 2010 Permissions and Security Groups | Elan Shudnow's Blog