How to delegate Exchange recipient Admin Role on specific OU

Hi,

I have a single multi-role Exchange Server 2013 installed and working.

I need to delegate the "Recipient Management" admin role to one delegate (he will be responsible for a specific OU); he should not see users/mailboxes located in other OUs.

I assigned the following permissions through the EAC to the delegate:

- Mail Recipient Creation
- Mail Recipients
- Reset Password

Actually I can restrict the "Write Scope" to the appropriate OU, but when the delegate logs in to the Exchange Admin Center, he can see all users/mailboxes in the organization. He cannot edit them... but I want him to see only his own OU and hide the others.

Is there a way to achieve this?

Thanks.


August 11th, 2013 9:49am

Hi,
Not what you want to hear, but NO, there is no built-in way to define read scopes. You would need a third-party tool to achieve that.
August 11th, 2013 4:33pm

Thanks, Martina, for your reply.

I thought it could be done by enforcing a "Deny Read" permission for that user on other OU objects in Active Directory.

Well... I tried, but it did not work :(

Does anyone know of third-party tools to achieve that?

Thanks

August 12th, 2013 7:02am

Hello Hamdi.M,

"When you create a scope, you override the write scope that's defined on the management role you're assigning. But you can't override the read scope that's configured on the management role."

That's why the delegated user can see users/mailboxes in the organization.

http://technet.microsoft.com/en-us/library/dd351083%28v=exchg.150%29.aspx

August 13th, 2013 12:01am
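
The scope behaviour quoted above can be checked from the Exchange Management Shell. The following is an added example, not part of the original thread: it creates a role group with the three roles from the question, limits its write scope to one OU, and then lists the effective read and write scopes so the difference is visible. The group name, OU and account (`Sales OU Recipient Admins`, `contoso.com/Sales`, `delegate1`) are hypothetical placeholders.

```powershell
# Run in the Exchange Management Shell (Exchange 2013).
# Hypothetical values, replace with your own.
$GroupName = 'Sales OU Recipient Admins'   # hypothetical role group name
$TargetOU  = 'contoso.com/Sales'           # hypothetical OU, canonical name
$Delegate  = 'delegate1'                   # hypothetical delegate account

# The three roles named in the question.
$Roles = 'Mail Recipient Creation', 'Mail Recipients', 'Reset Password'

# Create the role group. The OU scope is applied to every role
# assignment the cmdlet creates, and it only narrows the WRITE scope.
New-RoleGroup -Name $GroupName -Roles $Roles -Members $Delegate `
    -RecipientOrganizationalUnitScope $TargetOU

# The read scope comes from the role itself and cannot be overridden.
Get-ManagementRole |
    Where-Object { $Roles -contains $_.Name } |
    Format-Table Name, ImplicitRecipientReadScope, ImplicitRecipientWriteScope -AutoSize

# Effective scopes on the new assignments: write is limited to the OU,
# read stays at the role's implicit read scope.
$assignments = Get-ManagementRoleAssignment -RoleAssignee $GroupName
$assignments |
    Format-Table Role, RecipientReadScope, RecipientWriteScope,
                 CustomRecipientWriteScope -AutoSize

# Review aid: flag any assignment for this group whose write scope
# was NOT narrowed to an OU (for example, one added later by hand).
$unscoped = $assignments | Where-Object { $_.RecipientWriteScope -ne 'OU' }
if ($unscoped) {
    Write-Warning "Assignments without an OU write scope:"
    $unscoped | Format-Table Name, Role, RecipientWriteScope -AutoSize
} else {
    Write-Output "All assignments for '$GroupName' are write-scoped to an OU."
}
```

The second table shows the point made in the replies: `RecipientWriteScope` reflects the OU restriction, while `RecipientReadScope` still shows the role's own read scope, which is why the delegate can list recipients outside the OU.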

Got it ... Thanks
August 13th, 2013 12:54am
