Exchange and AD permissions to create mailboxes
Hi everyone,
I've searched a lot for an answer in the net and haven't found an answer yet - I'd like to know if there is a way to grant a group permission to only create mailboxes for existing accounts, without giving them a permission to create users in AD.
I've already delegated them the "exchange Administrator" permission in ESM.
Thanks,
Lena.
June 13th, 2011 12:09pm
Hello leonora1,
I am assuming that you are using exchange 2003(ESM), Kindly check these two articles.
http://support.microsoft.com/kb/883381
http://technet.microsoft.com/en-us/library/bb124053(EXCHG.65).aspx
Let us know if you have any more question.
Cheers, Gulab | MCITP: Exchange 2010-2007 | Skype: Gulab.Mallah | Blog: www.ExchangeRanger.Blogspot.com
Free Windows Admin Tool Kit Click here and download it now
June 13th, 2011 12:49pm
Hey,
Thank you! Helped a lot, but I cant find the following attributes in the delegation of control wizard (custom -> user objects -> property specific... ):
·
autoReplyMessage (ILS Settings)
·
homeMDB (Exchange Mailbox Store)
·
legacyExchangeDN
·
mail (E-Mail Address)
·
mailNickname (Alias)
·
msExchHomeServerName (Exchange Home Server)
·
proxyAddresses (Proxy Addresses)
·
showInAddressBook
·
textEncodedORAddress
Thanks!
Lena.
June 13th, 2011 8:53pm
Can someone please tell me how to grant those permissions? :(
Free Windows Admin Tool Kit Click here and download it now
June 15th, 2011 3:19pm
You can't delegate Exchange Attributes.
You will have to give the permission of Exchange Admin to that user to whom you want to give.
Why are you looking for those attributes in delegates? Gulab | MCITP: Exchange 2010-2007 | Skype: Gulab.Mallah | Blog: www.ExchangeRanger.Blogspot.com
June 15th, 2011 3:53pm
Hi Gulab,
I solved it already by dsacls. I wanted to know how I can create a group that can ONLY create mailboxes, without giving them write permissions on user objects.
Free Windows Admin Tool Kit Click here and download it now
June 15th, 2011 4:36pm
Hi leonora1,
Please refer to these documents, hope can give you some help:
Overview of Exchange administrative role permissions in Exchange 2003
http://support.microsoft.com/kb/823018
Understanding Exchange Access Control and Administrative Delegation
http://www.msexchange.org/articles/understanding-exchange-access-control-administrative-delegation.html
Thanks,
Evan
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
June 15th, 2011 4:52pm
Hi Evan,
Thanks for your help. As I wrote earlier, my problem already solved. I used the ESM delegation wizard to grant the Exchange Administrator role, and the dsacls command to grant the relevant AD permissions (as detailed here: http://www.eggheadcafe.com/microsoft/Exchange-Admin/32064372/exchange-mailbox-permissions-and-mailbox-creation.aspx) in
order to let them create mailboxes.
Thanks again! Have a good day!
Lena.
Free Windows Admin Tool Kit Click here and download it now
June 15th, 2011 6:03pm