cfetzer asked on

How to give a user the ability to administer Exchange contacts

Hello Experts,

I was hoping someone could provide information on a tool or even a method to allow me to give a user access to manage the Exchange contacts. Here is my situation.

I manage the Active Directory where I work. There is one particular user who sends me requests to add/delete/modify mail-enabled contacts within AD. She may also ask for me to create or delete distribution lists once in a while but this is very infrequent. The bulk of her requests are related to contacts.

The problem is that these requests are frequent and usually of such importance that I need to drop what I'm doing and take care of her requests. The other problem is that she frequently makes mistakes (spelling a name wrong, email address wrong, etc.) and the result is that I am asked to again drop what I am doing and go into AD and correct such mistakes.

It's enough of a problem that I am now searching for a way to give her the ability to add, delete, and modify current Exchange contacts. She doesn't need to have the same abilities with distribution lists as requests related to DLs are very infrequent, but I need her to be able to add/remove from current DLs.

Is there a method or an application out there that will allow me to give her the following abilities:
- Create contacts
- Delete contacts
- Modify contacts
- Add/Remove contacts from existing distribution lists

I would very much appreciate any information. Free solutions are always preferred (of course) but I understand that the best solutions are not always free, so something that is reasonably priced will work.

Thank you all in advance for your advice.
Active Directory, Exchange

Last Comment

8/22/2022 - Mon


Go to Active Directory Users and Computers,
Right click on the OU that you would like for her to control the contacts in. It may be the root or many OUs so you may have to do this more than once.
Select Delegate control
Type in the user/select user (her) - Next
Create Custom - Next
Select Only the following objects in the folder
Select contact objects, and tick the create and/or delete and click Next
The next box is down to what you want her to see/do. Select full control.
Then install adminpak.msi on her system and ensure that she can only edit contacts.
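
One way to check the result of the delegation described in this answer, as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; the OU path and account name are placeholders.

```powershell
# Added example: audit what a delegated account can do on an OU.
# $ou and $delegate are placeholders, not values from the thread.
Import-Module ActiveDirectory

$ou       = 'OU=Contacts,DC=example,DC=com'
$delegate = 'EXAMPLE\contact-editor'

# Read the schema GUID of the contact class from the schema partition
# rather than hard-coding it.
$schemaNC    = (Get-ADRootDSE).schemaNamingContext
$contactCls  = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(lDAPDisplayName=contact)' -Properties schemaIDGUID
$contactGuid = [guid]$contactCls.schemaIDGUID

# Explicit (non-inherited) ACEs on the OU that name the delegate.
$aces = (Get-Acl -Path "AD:\$ou").Access |
    Where-Object { $_.IdentityReference.Value -eq $delegate -and -not $_.IsInherited }

foreach ($ace in $aces) {
    # Create/delete-child ACEs carry the class GUID in ObjectType;
    # ACEs that apply to descendant objects carry it in InheritedObjectType.
    $contactOnly = ($ace.ObjectType -eq $contactGuid) -or
                   ($ace.InheritedObjectType -eq $contactGuid)

    [pscustomobject]@{
        Rights      = $ace.ActiveDirectoryRights
        Type        = $ace.AccessControlType
        Inheritance = $ace.InheritanceType
        ContactOnly = $contactOnly
    }
}
```

Any row with ContactOnly set to False is a right that reaches beyond contact objects and is broader than the delegation above intends.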


This is the primary reason why having external contacts in AD is a bad idea.
To modify those contacts the user will also need to have the Exchange management tools installed so that the email address can be modified. This could allow the user access to too much information.


Yes, forgot to mention that you will also have to delegate that user to be an Exchange administrator through the Exchange ESM.

Thanks Sem...

Thanks for the input so far. I understand that I can give her permissions and provide the tools that allow her to directly edit contacts. However as Sem mentioned, this is not the ideal solution.

I've heard of web based applications that allow someone to make edits, additions, etc to Exchange contacts...or maybe there is an application that handles contacts outside of AD?

I'm open to suggestions regarding some of these applications.

Again, thanks for your input so far.


I agree, but if someone needs to do this on a small scale and centralized management is really a hassle then I think that it is OK to delegate with these permissions.

As far as web based portal solutions go, there is namescape and this one which I have also heard of

They both allow customized AD delegated control over a web portal.


Sembee - Yeah, I know who you are...I've been around since late 2002 and anyone who's been around that long would have to have lived under a rock to not know who you are.  ;)

I've decided to go ahead and use a public folder. This is probably the perfect solution for what I'm trying to do.

Thanks all for your feedback.