Solved

Minimum Permissions Required to Create Mailboxes on Exchange 2000 via Exchange Task Wizard

Posted on 2004-09-17
3
418 Views
Last Modified: 2008-02-26
We have a Windows 2000 domain and Exchange 2000.  I am trying to set up a user account with permissions to create AD accounts with mail.  The user account is a member of the Account Operators group and account creation works.  When using the Exchange Task Wizard, the mail servers box is populated but the mailbox store box is empty.  I have created a group called "Mailbox Creators" and made the user a member.  I went into Exchange System Manager and ran the Exchange Administration Delegation of Control Wizard.  I added the "Mailbox Creators" group as Exchange Administrator.  I viewed the properties on both mailbox stores and the Mailbox Creators group has everything checked except for Change Permissions and Take Ownership.  Receve As and Send As are marked Deny.

What other permissions are needed to allow mailbox creation?
0
Comment
Question by:lman1971
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 6

Accepted Solution

by:
v_alber earned 500 total points
ID: 12084312
Hi,
  You also need appropriate permissions in AD. Find the container when you create user objects, Users for example. Go  
  to it's properties, Security. If this group is part of Account Operators, make it has Read,Write,Create, Delete child
  objects permissions. If you have more then one DC, replicate the changes or wait for that.

Hope I helped.
0
 

Author Comment

by:lman1971
ID: 12084924
OK... that worked like a charm.  I though it would be a duplication of permissions.  If the user is part of the Account Operators group (full permissions on AD containers) and is also a part of Mailbox Creators group (with administrative privledges to the mailbox store) I'm not seeing why the Mailbox Creators group needs to be a member of the Account Operators group.  Any KB explaining this?

v_alber gets the points.  
0
 

Expert Comment

by:j3king
ID: 13269456
You could also add the account operators to view only group on the exchange server.  This would allow them the ability to create and delete exchange accounts without letting them change exchange configs.

http://support.microsoft.com/kb/316792
http://techrepublic.com.com/5100-6268_11-1054462-2.html
0

Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
how to add IIS SMTP to handle application/Scanner relays into office 365.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question