Re: Delegation Problem on Exchange 2007 SP1

---

• From: Guy Melamed <guy.melamed@xxxxxxxxxxxxxx>
• Date: Sun, 30 Mar 2008 01:11:00 -0700

---

Thanks to both of you.

I think I wasn't clear on the subject, and I will try to explain again:

1. I have a Help Desk Group in Active Directory. They are not part of the
Domain Admins Group.

2. I need Help Desk group users to be able to grant the Full Mailbox Access
and Send as Permission from the 2007 EMC to other employees. Example given:
User1, is a member of the Help Desk group. He is required to grant User2 full
mailbox permission and send as to User3. User2 and User3 are regular users
that belong only to the Domain Users group.

Currently I gave the Help Desk Group Full Permissions on the Users OU in
Active Directory, and Exchange Recipients Administrator in the Exchange
Organization scope.

When Help Desk Users are trying to grant the Full Mailbox permission and/or
the Send As permission, they get an error.

My question is:

What are the minimum required permissions I need to give to the Help Desk
Group, so they will be able to grant Full Mailbox and Send As permissions to
other mailboxes?

Thanks,

Guy



--
Guy Melamed
MCSE: Messgaing (2000/2003)


"Ed Crowley [MVP]" wrote:

Agreed that Send As is a user right, not a mailbox right.
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

"Rich Matheisen [MVP]" <richnews@xxxxxxxxxxxxxxxxxxxxx> wrote in message
news:io5ou398o9kbh5ibklj73i4hctb76rv3c9@xxxxxxxxxx

"Ed Crowley [MVP]" <curspice@xxxxxxxxxxxxxx> wrote:

You can grant these rights on the mailbox store object, the server object,
or the administrative group object. There are issues if this
administrative
account is a member of Domain Admins because of an explicit Deny that
Exchange creates.

Well, you /used/ to be able to have "Send As" inherited as part of the
"Full Mailbox Access", but that hasn't worked for a while. The FMA
permission is "Receive As" and that can be inherited from the store or
server, but "Send As" is a domain permission and can be granted on an
indvidual user or inherited from an OU or from the root of the Domain.

--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@xxxxxxxxxxxxx
Or to these, either: mailto:h.pott@xxxxxxxxxxxxxxx
mailto:melvin.mcphucknuckle@xxxxxxxxxxxxx
mailto:melvin.mcphucknuckle@xxxxxxxxxxxxxxx

.

---

• Follow-Ups:
  • Re: Delegation Problem on Exchange 2007 SP1
    • From: Rich Matheisen [MVP]

• References:
  • Re: Delegation Problem on Exchange 2007 SP1
    • From: Ed Crowley [MVP]
  • Re: Delegation Problem on Exchange 2007 SP1
    • From: Rich Matheisen [MVP]
  • Re: Delegation Problem on Exchange 2007 SP1
    • From: Ed Crowley [MVP]

• Prev by Date: Re: Showing Mail-Enabled Groups in Custom GAL
• Next by Date: RE: Forefront Updates Time out
• Previous by thread: Re: Delegation Problem on Exchange 2007 SP1
• Next by thread: Re: Delegation Problem on Exchange 2007 SP1
• Index(es):
  • Date
  • Thread

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Exchange  > microsoft.public.exchange.admin  > 2008-03