numb3rs1x
asked on
Best practice for Exchange Administration Delegation
I'm reading about DST patch applied to the Exchange Server 2003 and how it can cause the mailbox store to unmount among other things. I'm reading that control should be delegated to a non-ambiguous user. I'm on the mail server where it was instructed I should go to the server, right-click and choose delegate control which brings up the Exchange Administration Delegation Wizard. The two accounts I see there are these:
<domain-name>\Administrato r
<domain-name>\Backup
I have two questions. I see this entry on the MS page of unacceptable SID's:
SID: S-1-5-domain-500
Name: Administrator
Description: A user account for the system administrator. By default, it is the only user account that is given full control over the system.
I'm guessing this is the \Administrator account I see listed. Is it?
My other question if it is. If I remove it and assign a newly created specialized group for control and add this account to the group, will I be in the clear as far as avoiding this problem?
Oh, and is there anything else I should consider before making this move?
<domain-name>\Administrato
<domain-name>\Backup
I have two questions. I see this entry on the MS page of unacceptable SID's:
SID: S-1-5-domain-500
Name: Administrator
Description: A user account for the system administrator. By default, it is the only user account that is given full control over the system.
I'm guessing this is the \Administrator account I see listed. Is it?
My other question if it is. If I remove it and assign a newly created specialized group for control and add this account to the group, will I be in the clear as far as avoiding this problem?
Oh, and is there anything else I should consider before making this move?
The following link gives you the best picture of the Access types.
http://www.msexchange.org/articles/Understanding-Exchange-Access-Control-Administrative-Delegation.html
Regards,
Madhu
http://www.msexchange.org/articles/Understanding-Exchange-Access-Control-Administrative-Delegation.html
Regards,
Madhu
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You have 3 types of Accesses
1.Exchange Full Admistrator
2.Exchange Administrator
3.Exchange View Only Administrator.
Exchange Full Administrator will have Exchange Organisation wide full control.
Exchange Administrator role best suits for day to day operations.
Exchange View only Administrators can only view all the objects.
Regards,
Madhu