Re: Delegating Exchange Full Admin Rights


The message at the end isn't an error. It is simply a warning/information
message. The reason is that you have to be local admin in order to
administer "some" functions, such as message tracking logs.

If you check the Security tab on the server, then go to Advanced, do you
have inheritance turned off? That would be the most likely cause. If
inheritance is not turned off at the server level, check each level going
up.

Also, remember that you are setting permissions on AD objects. If you have
a large AD infrastructure (not sure if you do or not), it can take some time
for this to propagate to all DC/GC's.

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"VB" <vb@xxxxxxxxxxxx> wrote in message
news:A1AC2EC0-D17A-487F-AD0B-EA750E81F12A@xxxxxxxxxxxxxxxx
I am doing just that, logged in with an account that has Exchange full admin
rights, and trying to delegate. At the end of delegation I get an error
saying "the account has to be a member of a local admin group in order to
fully administer exchange server". Now the account stays in the delegation
window, but not in the security tab on the servers.

Thanks for your help
VB


"Ben Winzenz [Exchange MVP]" wrote:

What specifically didn't work? The delegation? You can only delegate
rights to other accounts using an account that is already an Exchange Full
Administrator. If you are signed on as yourself (even if you are a domain
admin), and trying to delegate Exchange Full admin rights to your account,
it won't work. When you do the delegation, look at which other accounts
already have Exchange Full Admin rights, and sign on as one of those
accounts.

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"VB" <vb@xxxxxxxxxxxx> wrote in message
news:598D2CD3-E2C0-4BC9-90A4-26363FAFB230@xxxxxxxxxxxxxxxx
Thanks for the info, I will consider this going forward, yet the issue at
hand is that I cannot delegate admin rights to a user.

"Ben Winzenz [Exchange MVP]" wrote:

In that case, in addition to delegating Exchange Admin rights (Full Admin
really isn't needed), typically you need Send As and Receive As permissions
on the mailbox stores. Coincidentally, when you delegate Full Admin rights,
an inherited Deny is placed on the mailbox stores for that user, so you'll
have to modify the Deny and explicitly set an Allow for that user account.
This is set on the Mailbox Store properties, Security tab.

On another note, why do you want to perform mailbox-level backups? What do
you feel it will gain you over a traditional online backup? Sure, it lets
you restore individual mailboxes (or individual items) if needed, but at
what cost? Mailbox level backups (lovingly referred to as Brick Level
Backups) typically vastly increase the time and amount of tape needed for a
backup. Since Exchange 2003 has both deleted items retention and deleted
mailbox retention, along with the Recovery Storage group, the usefulness of
BLB's has vastly declined.

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"VB" <vb@xxxxxxxxxxxx> wrote in message
news:0BDB70CA-536E-4109-83FF-8922565FA377@xxxxxxxxxxxxxxxx
Yes, I am.

"Ben Winzenz [Exchange MVP]" wrote:

What exactly is your backup service account trying to back up? Are you
trying to back up individual mailboxes (guessing)?

--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"VB" <vb@xxxxxxxxxxxx> wrote in message
news:AEDFD5FF-CE17-42D9-88A3-3915B6B6DAC8@xxxxxxxxxxxxxxxx
Hi,
I am trying to set up a backup service account to back up my Exchange
services. The issue I'm having is at the end of delegation, an error
message says I have to be a local admin on the machine. I went ahead and
added this account as local admin - did not work, I even added it as a
domain admin (testing) did not work. Then being that I'm a domain admin and
local admin on the Exchange server I added myself, and again it did not
work. Any clue??

I am running AD 2003 native mode, Exchange 2003 SP1 on Win2k3 with SP1

Let me know...because this is really strange....Thanks VB
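
The two checks suggested in this thread (walking up from the server or store object to find where inheritance is turned off, and looking for the inherited Deny on Send As / Receive As at the mailbox store) can be scripted read-only. This is an added example, not part of the original posts; the distinguished names and the account name are placeholders, and it assumes a domain-joined machine with Windows PowerShell 3.0 or later.

```powershell
# Added example. Both DNs and the account name are placeholders; replace them
# with the objects from your own configuration partition.
$serverDn = 'CN=<SERVER>,CN=Servers,CN=<ADMIN GROUP>,CN=Administrative Groups,' +
            'CN=<ORG>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=com'
$storeDn  = "CN=<MAILBOX STORE>,CN=<STORAGE GROUP>,CN=InformationStore,$serverDn"
$account  = 'EXAMPLE\svc-backup'

# Walk from an object up to the "Microsoft Exchange" container and report, for
# each level, whether the ACL is protected (that is, inheritance is turned off).
function Get-InheritanceChain {
    param([string]$DistinguishedName)
    $entry = [ADSI]"LDAP://$DistinguishedName"
    while ($entry -and $entry.distinguishedName) {
        $dn = [string]$entry.distinguishedName
        [pscustomobject]@{
            InheritanceBlocked = $entry.psbase.ObjectSecurity.AreAccessRulesProtected
            DistinguishedName  = $dn
        }
        if ($dn -like 'CN=Microsoft Exchange,*') { break }
        $entry = $entry.psbase.Parent
    }
}

# List the Send As / Receive As ACEs that apply to one account on an object,
# showing whether each is Allow or Deny and whether it is inherited.
function Get-SendReceiveAce {
    param([string]$DistinguishedName, [string]$Account)
    # Control access right GUIDs for the two extended rights.
    $rights = @{
        'ab721a54-1e2f-11d0-9819-00aa0040529b' = 'Send As'
        'ab721a56-1e2f-11d0-9819-00aa0040529b' = 'Receive As'
    }
    $sd = ([ADSI]"LDAP://$DistinguishedName").psbase.ObjectSecurity
    $sd.GetAccessRules($true, $true, [System.Security.Principal.NTAccount]) |
        Where-Object {
            $_.IdentityReference.Value -eq $Account -and
            $rights.ContainsKey([string]$_.ObjectType)
        } |
        Select-Object @{ n = 'Right'; e = { $rights[[string]$_.ObjectType] } },
                      AccessControlType, IsInherited
}

Get-InheritanceChain -DistinguishedName $storeDn | Format-Table -AutoSize
Get-SendReceiveAce -DistinguishedName $storeDn -Account $account | Format-Table -AutoSize
```

A Deny granted through a group the account belongs to will not appear under the account's own name, so run the second function for those groups as well.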










