User Permissions
billybob01
Member Posts: 504
in Off-Topic
This is really doing my head in. I need 4 people to be able to create user accounts, but when they try and create an account they cannot create a mailbox for the user!! I have tried delegating Exchange Administrative View Only permissions to the group they are in but still no joy!! What am i missing here??
Comments
-
dtlokee
Member Posts: 2,378 ■■■■□□□□□□
Is this the same problem you posted here?
http://www.techexams.net/forums/viewtopic.php?t=28453
What versions of Windows and Exchange are you using?The only easy day was yesterday! -
sprkymrk
Member Posts: 4,884 ■■■□□□□□□□
billybob01 wrote:This is really doing my head in. I need 4 people to be able to create user accounts, but when they try and create an account they cannot create a mailbox for the user!! I have tried delegating Exchange Administrative View Only permissions to the group they are in but still no joy!! What am i missing here??
Aren't they going to need more rights than "view" to create mailboxes on the Exchange Server?All things are possible, only believe. -
Sie
Member Posts: 1,195
Im not up to speed with exchange but dont the users need more that View rights to create the mailboxs??.......Foolproof systems don't take into account the ingenuity of fools
-
blargoe
Member Posts: 4,174 ■■■■■■■■■□
They have to have Exchange Administrator I believe.
EDIT: Not necessarily... if they have View only and read/write to the AD attributes listed in this Technet
http://technet.microsoft.com/en-us/library/5c5ab164-536d-4d86-a529-f6a34ce1da1c.aspxIT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands... -
Sie
Member Posts: 1,195
Dang you Mark finishing before me AGAIN.
Maybe if I go to do my work here you'll have beaten me to it.......
Foolproof systems don't take into account the ingenuity of fools -
dynamik
Banned Posts: 12,312 ■■■■■■■■■□
sprkymrk wrote:Aren't they going to need more rights than "view" to create mailboxes on the Exchange Server?
That was my first reaction too, but if you follow the link from the other thread, that's all the page calls out for.
http://technet.microsoft.com/en-us/library/bb124053.aspxtechnet wrote:What permissions do I need to be able to create and delete Exchange Server 2003 users?
If you are responsible for both user and mailbox management, you need to have permissions to create a user object in Active Directory. For example, you could be a Domain Admin, Account Operator, or you might have delegated access to a specific organization unit. In addition, you need the following Exchange permission:
* The Exchange View Only Administrator role to the administrative group where the target Exchange Server 2003 server exists.
If you are responsible for mailbox-enabling users post-account creation, you can use a reduced set of permissions (in addition to the Exchange View Only Administrator).blargoe wrote:They have to have Exchange Administrator I believe.
EDIT: Not necessarily... if they have View only and read/write to the AD attributes listed in this Technet
Wouldn't the Exchange Administrator role be overkill for this task since that would give them much more control over the Exchange environment as well? -
sprkymrk
Member Posts: 4,884 ■■■□□□□□□□
I also just noticed something else in the tech net quote - is mailbox "management" the same thing as "creation"?All things are possible, only believe.
-
royal
Member Posts: 3,352 ■■■■□□□□□□
Exchange 2003:
Give a user Exchange Administrator permissions to the Administrative Group they need to create users.
Have that user use the Exchange-Specific Management Tools to open up ADUC (the orange ADUC) and create the new user in AD. It'll then ask you to create the mailbox.
Exchange 2007:
Give the user Recipient Administrator permissions. This new group was created to prevent giving someone too many permissions with the Exchagne Administrator group. You can create a customized Exchange Management Console view in the MMC so a recipient administrator can only create and manage users in a specific OU. This complies with the Principle of Lease Priviledge and I would highly recommend only giving those users Recipient Administrator permissions and creating the customized MMC.“For success, attitude is equally as important as ability.” - Harry F. Banks
