I have the following scenario:

A domain controller xyz.com that has a trust with other domains xpto.com, abc.com etc

The domain xyz.com acts as a resource forest for the other domains.

In my exchange server I want to allow the administrators of the other domains to create, edit and delete mailboxes for their users only in their respective email domains, as far as I have understood from reading the documentation on-line it is possible, but I can't seem to be able to make it work the way I want, created management scopes, role groups etc but my test user is still able to see mailboxes other than the ones that sould be allowed to see.

How can I create the permissions so that the xpto.com domain admin only seems his mailboxes and only is allowed to create new mailboxes for his users using his domain?

You can do this with Management Role Groups, which is based on Role Based Access Control.

In addition to those two links, have a look at Understanding Multiple Forest Permissions.

I hope that helps to get you started.

You can do this with Management Role Groups, which is based on Role Based Access Control.

In addition to those two links, have a look at Understanding Multiple Forest Permissions.

I hope that helps to get you started.

• Proposed as answer by Niko.ChengMicrosoft contingent staff Friday, April 04, 2014 2:30 AM
• Unproposed as answer by Nelson Graça 23 hours 33 minutes ago

You can do this with Management Role Groups, which is based on Role Based Access Control.

In addition to those two links, have a look at Understanding Multiple Forest Permissions.

I hope that helps to get you started.

• Proposed as answer by Niko.ChengMicrosoft contingent staff Friday, April 04, 2014 2:30 AM
• Unproposed as answer by Nelson Graça 23 hours 33 minutes ago

I already have read those but, the documentation feels lacking, while it is good to get the concepts fails to explain how to do anything concrete and specific.