Block Exchange Advanced\Mailbox Rights feature in AD Users and Computers

Hi Experts,

A quick question to which there's probably a simple answer. I'd like to give some of our non helpdesk users (trainers to be precise) the right to create and possibly delete mailboxes AD Accounts/ Mailboxes WITHOUT the ability to amend the mailbox rights to that or other accounts. I'd like of possible to avoid creating MMC's all over the place. I've tried using the Delegate Control Wizard in Systems Manager and setitng them with Exchange View Only Admin access. This stops them from being able to change the users group memberships but still doens't stop them from viewing/changing maibox right.

Thanks.
fruitdiverAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
consultkhanConnect With a Mentor Commented:
The right to create/delete ad accounts and mailboxes will give them access to all the possible features over a mailbox property in exchange.Most restrictive permissions could be applied using active directory access control lists and blocking these users accounts (trainers) to specific AD properties like allow full control,external account access .Try deny permissions using AD for trainers account in a test scenario.

thanks,
consultkhan
0
 
fruitdiverAuthor Commented:
Fair enough. Something for them to work in future versions perhaps. Thanks.
0
All Courses

From novice to tech pro — start learning today.