Exchange 2003 Mailbox creation permissions
Hello everybody,
I'm developing a new strategy where helpdesk members will have delegated and limited permissions in the Domain structure. We have a domain with 1 exchange organization, containing 3 exchange servers.
Right now, I've found everything to let them create mailboxes and let them also move between certain stores. They don't have full admin rights on exchange. They have view only admin rights.
So far, so good.
But here comes my question :
I found out that the users can create mailbox on any exchange server. I don't know if this is normal behaviour ? After they created the mailbox, I move them and then they indeed get access denied for stores they're not allowed to move a mailbox toward. I guess the creation process is something else then moving the mailboxes.
Is there also a way we can force helpdeskmembers to only view the exchange server they're responsible for ? Cause right now they can easily make mistakes and let the users work accross the WAN.
Thanks in advance,
December 11th, 2009 6:32pm
So your Help desl memebers have domain admin right plus view only on exchange. I dont think thats possible. what ever permissions you give on AD or exchange , they are not specific to boxes. They in turn go to the doman and Exchange Org. If you see carefully, on exchange , all the permissions (view only or full admin etc) are given from the global level and not on server or store level. For better understanding on permissions
Free Windows Admin Tool Kit Click here and download it now
December 12th, 2009 10:06am