Exchange 2013 sp1 cu7

I have a specific set of access I want certain non-admin users to have to mailboxes.  The Mail Recipients & Mail Creation role groups are much too open. I created 2 new role groups, based on those default groups and have made multiple attempts at getting the right role entry settings, but its not working.  Some settings I think I have fixed, but others I cant figure out how to gray out.

Heres what I want to allow:

Create a mailbox

Browse to AD and associate the new mailbox with an existing user account from a specific container

Choose the correct mail database

Enable/disable ActiveSync

Enable/disable OWA for devices

Enable/disable OWA

Set the Retention Policy

Issues On the New Mailbox tab, Browse to AD is grayed

    On Mailbox Features tab, all options are available for editing instead of just the options I listed above.

 Thanks for any suggestions!

Hi meetoo,

Base on my knowledge, it seems that the permission which access to AD is missing in these new-created role groups.

I recommend you compare with the "Mail recipients" & "Mail recipient creation" groups, and add the following role entry settings to new groups, and check if any helps:

Set-ADServerSettings

Get-User

Get-OrganizationalUnit

Get-ADServerSettings

Best regards,

I was able to get the browse button un-grayed.

Now, how can I limit what options they have access to on the Mailbox Features tab?

I don't mind if they can see certain options, just not be able to change them.

thanks