?
Solved

Minimum Permissions Required to Create Mailboxes on Exchange 2000 via Exchange Task Wizard

Posted on 2004-09-17
3
Medium Priority
?
424 Views
Last Modified: 2008-02-26
We have a Windows 2000 domain and Exchange 2000.  I am trying to set up a user account with permissions to create AD accounts with mail.  The user account is a member of the Account Operators group and account creation works.  When using the Exchange Task Wizard, the mail servers box is populated but the mailbox store box is empty.  I have created a group called "Mailbox Creators" and made the user a member.  I went into Exchange System Manager and ran the Exchange Administration Delegation of Control Wizard.  I added the "Mailbox Creators" group as Exchange Administrator.  I viewed the properties on both mailbox stores and the Mailbox Creators group has everything checked except for Change Permissions and Take Ownership.  Receve As and Send As are marked Deny.

What other permissions are needed to allow mailbox creation?
0
Comment
Question by:lman1971
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 6

Accepted Solution

by:
v_alber earned 2000 total points
ID: 12084312
Hi,
  You also need appropriate permissions in AD. Find the container when you create user objects, Users for example. Go  
  to it's properties, Security. If this group is part of Account Operators, make it has Read,Write,Create, Delete child
  objects permissions. If you have more then one DC, replicate the changes or wait for that.

Hope I helped.
0
 

Author Comment

by:lman1971
ID: 12084924
OK... that worked like a charm.  I though it would be a duplication of permissions.  If the user is part of the Account Operators group (full permissions on AD containers) and is also a part of Mailbox Creators group (with administrative privledges to the mailbox store) I'm not seeing why the Mailbox Creators group needs to be a member of the Account Operators group.  Any KB explaining this?

v_alber gets the points.  
0
 

Expert Comment

by:j3king
ID: 13269456
You could also add the account operators to view only group on the exchange server.  This would allow them the ability to create and delete exchange accounts without letting them change exchange configs.

http://support.microsoft.com/kb/316792
http://techrepublic.com.com/5100-6268_11-1054462-2.html
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question