Re: Delegation of rights in Active Directory for Exchange 2003
- From: "James Chong" <james.chong@xxxxxxxxxx>
- Date: 10 Oct 2006 11:02:48 -0700
Link goes over delegating rights in detail and minimum rights to
perform Exchange tasks.
Working with Active Directory Permissions in Exchange Server 2003
http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/ex2k3ad.mspx
James Chong
Anthony_CCUCC wrote:
Hi Ed,
Thanks for that pointer I took a quick look through it but I don't think it
really has what I am looking for but I could be wrong :-)
You see currently our Exchange Admin who has full Exchange rights cannot
create mailboxes. I think this is down to the lack of Active Directory
rights. In our test environment we delegated rights to the Exchange Admins to
be able to create/modify users. In the real environment I want to minimise
the rights that the Exchange Admins have over the users. If it is required
that they have the rights above that is fine so long as their is a
justification for it.
Thanks.
Anthony
"Ed Crowley [MVP]" wrote:
I think you ought to read this:
http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/exsecure.mspx
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"
"Anthony_CCUCC" <AnthonyCCUCC@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0AD9867D-C08C-4CA8-B9D5-8EB7E1CD3CF7@xxxxxxxxxxxxxxxx
Hi,
We are in the process of migrating from Exchange 5.5 to Exchange 2003 and
migrating from one domain to another domain.
The environment consists of a forest with multiple child domains and the
Exchange 2003 servers will be located in one of the child domains in this
forest. The Exchange 5.5 servers are located in a different forest with a
single domain. There are two way trusts between the root domain of the
forest
containing the Exchange 2003 servers, the child domain containing the
Exchange 2003 and the domain with the Exchange 5.5 servers.
In the case of some of the child domains in the Exchange 2003 forest, the
domain administrators will be responsible for user administration and the
Exchange administrators will be responsible for exchange tasks such as
mailbox management in each of the child domains. The Exchange 5.5 forest
will
be retired once all users and mailboxes have been migrated to the child
domain with the Exchange 2003 servers.
In the Exchange 5.5 setup the Exchange admins have Domain Administrator
rights but the Exchange admins will not be domain administrators in the
Exchange 2003 forest.
My question is what are the rights that should be delegated to the the
Exchange Admins to allow them to do the Exchange management tasks through
all
the child domains in the Exchange 2003 forest or can someone point me to
some
documentation on this. I presume the rights will have to be delegated by
each
of the domain administrators in each of the child domains.
If you need any further info let me know.
Thanks.
Anthony
.
- Follow-Ups:
- Re: Delegation of rights in Active Directory for Exchange 2003
- From: Anthony_CCUCC
- Re: Delegation of rights in Active Directory for Exchange 2003
- References:
- Re: Delegation of rights in Active Directory for Exchange 2003
- From: Ed Crowley [MVP]
- Re: Delegation of rights in Active Directory for Exchange 2003
- From: Anthony_CCUCC
- Re: Delegation of rights in Active Directory for Exchange 2003
- Prev by Date: Re: Deleting the first information store
- Next by Date: Re: Adding/Migrating from Exchange 2003 to *EXCHANGE 2003*
- Previous by thread: Re: Delegation of rights in Active Directory for Exchange 2003
- Next by thread: Re: Delegation of rights in Active Directory for Exchange 2003
- Index(es):
Relevant Pages
|
