• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 696
  • Last Modified:

delegate a helpdesk users admin rights to create mailboxes on one exchange server only

I have 5 exchange 2003 boxes on a single domain, I want to be able to delegate one of my admin guys the ability to create mailboxes only on his exchange box. I used the exchange delegation wizard to give him view only rights, but I noticed that he will have the ability to create mailboxes on the other 4 exchange boxes. how do I set it that he only can create mailboxes on his own server?

all my boxes are running Exchange 2003 with sp2 on win2k3
0
pauls13
Asked:
pauls13
  • 6
  • 6
  • 4
1 Solution
 
bilbusCommented:
I beleve you need to be a local admin + delegate to be a local admin (or domain admin) of an exchange server (using delegation)

Read only admin just needs to be able to login to the server

I could be wrong but give it a try
0
 
bilbusCommented:
and you can set up permisions for the server via the security tab. (right click server name in ESA and choose properties)
0
 
pauls13Author Commented:
I have tried doing it this way using the delgate wizard but then it allows that user to create mailboxes on all the other exchange servers as well even with read only rights, i need them only to be able to create mailboxes on their exchange server only
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
pauls13Author Commented:
Hi bilbus

I have tried giving the user rights the user rights using the security tab in ESA but that allows the user to have complete control of the exchange server including the info store, I really just want the user to be able to create users without being able to have any admin rights for the exchange server
0
 
bilbusCommented:
hmm i will look for the correct spot
0
 
bilbusCommented:
You could give the user Deny permisions under advanced for all the other servers, but there needs to be a better way
0
 
bilbusCommented:
ok, got something.

Is the helpdesk user a domain admin? if not, this will work.

Remove the user from being an administrator on the other exchange boxes. If they are not a local computer admins, they cant admin the exchange server even if they were delegated.

Make the helpdesk ppl only domain users on the exchange boxes, or even remove then completly (This can be done by runing computer management on the exchange servers you dont want them to touch)
0
 
pauls13Author Commented:
Ok this is what i have done, I have created a new user, and given that user view rights for exchange using the deligation wizard and added then to the local admin group on the Exchange which for the record is a member server. After running the wizard, i created a mailbox on the US server, but was also able to create mailboxes on my German, Denmark & UK boxes as well. the new user did not have any admin rights on the other exchange boxes but his own
0
 
bilbusCommented:
that does not sound right, is he a membe rof any other groups that have admin permisions?
0
 
SembeeCommented:
Have you split this Exchange org in to admin groups? If not, then that is something you should consider.

Simon.
0
 
pauls13Author Commented:
not sure what you mean could you explain?
0
 
SembeeCommented:
You can split the Exchange org up in to administrative groups. The default administrative group is where all the servers are currently set.
Create a new admin group and move the server in to it. Then right click on the admin group and choose Delegate Control. Run through the wizard, restricting access as required.

Simon.
0
 
pauls13Author Commented:
by creating a new admin group, will that have an effect on the way the org is currently set up?
0
 
SembeeCommented:
Admin groups don't play a part in the way that Exchange works. They provide the administrative boundaries to Exchange. You do have to make sure that the permissions are set correctly, but as long as you are accessing the server with an account that has Full Exchange Admin rights at the org level you should be fine.

This section of the Exchange 2003 Admin Guide covers Admin Groups.

http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3AdminGuide/7958497b-3508-4247-9c80-7c6cf8839b09.mspx?mfr=true

Simon.
0
 
pauls13Author Commented:
how can i move a server to the new admin group?
0
 
SembeeCommented:
The serves me right for posting just after I had woken up.
You can't move servers between admin groups. You would have to install Exchange on to a new server.

Simon.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

  • 6
  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now