Good evening,
Let me first say that I have some experience with Exchange 2013, but I am by far no expert. I have setup Exchange 2013 as a multi-tenancy mail server. Currently we are hosting email for 4 separate companies on a single server. Everything is setup and working great, however we recently found an issue that I am trying to resolve.
We would like to setup one or more users from each OU to serve as admins for their particular OU. Their purpose would be to create/modify recipient mailboxes and distributions groups. The purpose for this is so that someone from each company can login to the ECP and manage ONLY the recipients and groups for their particular OU, while the other OU's recipients and groups are not visible to them. We want these admin users to be able to manage recipients within their OU ONLY, without any knowledge of the other OUs.
The problem is when we setup a user as an admin and grand them permissions under the admin role policies, each admin can see ALL of the OUs, ALL of the recipients on the server, and ALL of the distribution groups. Of course, that allows any admin, regardless of which company they are with to view ALL recipient email addresses, etc. and that is what we are trying to change.
At this point, I don't know how to proceed. I read a similar post in these forums where the only response was to use a third party application to accomplish this, but if that is truly the only solution, which third party app COULD accomplish this?
<style type="text/css">.tmid_modified { background: #E4F1FD !important; border: 1px solid #3385D6 !important; } .tmid_modifying { background: #E4F1FD !important; } .tmid_popoutblock { display: table; ; top: 1px; left: 1px; visibility: hidden; width: 120px; height: 40px; background-color: #FFFFFF; z-index: 9999; color: #666666; font-size: 16px; box-shadow: 0px 5px 10px rgba(0, 0, 0, 0.25); text-shadow: 1px 0px 0px rgba(170, 170, 170, 1); }.tmid_formFillHint { display: table-cell; vertical-align: middle; font-size: 16px; }.tmid_icon { width: 24px; height: 24px; }.tmid_popoutblockicon { display: table-cell; vertical-align: middle; width: 24px; height: 24px; padding: 8px 8px 8px 8px; }</style>