Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Minimum Permissions Required to Create Mailboxes on Exchange 2000 via Exchange Task Wizard

Posted on 2004-09-17
3
409 Views
Last Modified: 2008-02-26
We have a Windows 2000 domain and Exchange 2000.  I am trying to set up a user account with permissions to create AD accounts with mail.  The user account is a member of the Account Operators group and account creation works.  When using the Exchange Task Wizard, the mail servers box is populated but the mailbox store box is empty.  I have created a group called "Mailbox Creators" and made the user a member.  I went into Exchange System Manager and ran the Exchange Administration Delegation of Control Wizard.  I added the "Mailbox Creators" group as Exchange Administrator.  I viewed the properties on both mailbox stores and the Mailbox Creators group has everything checked except for Change Permissions and Take Ownership.  Receve As and Send As are marked Deny.

What other permissions are needed to allow mailbox creation?
0
Comment
Question by:lman1971
3 Comments
 
LVL 6

Accepted Solution

by:
v_alber earned 500 total points
ID: 12084312
Hi,
  You also need appropriate permissions in AD. Find the container when you create user objects, Users for example. Go  
  to it's properties, Security. If this group is part of Account Operators, make it has Read,Write,Create, Delete child
  objects permissions. If you have more then one DC, replicate the changes or wait for that.

Hope I helped.
0
 

Author Comment

by:lman1971
ID: 12084924
OK... that worked like a charm.  I though it would be a duplication of permissions.  If the user is part of the Account Operators group (full permissions on AD containers) and is also a part of Mailbox Creators group (with administrative privledges to the mailbox store) I'm not seeing why the Mailbox Creators group needs to be a member of the Account Operators group.  Any KB explaining this?

v_alber gets the points.  
0
 

Expert Comment

by:j3king
ID: 13269456
You could also add the account operators to view only group on the exchange server.  This would allow them the ability to create and delete exchange accounts without letting them change exchange configs.

http://support.microsoft.com/kb/316792
http://techrepublic.com.com/5100-6268_11-1054462-2.html
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question