Solved

Block Exchange Advanced\Mailbox Rights feature in AD Users and Computers

Posted on 2009-04-15
2
337 Views
Last Modified: 2012-05-06
Hi Experts,

A quick question to which there's probably a simple answer. I'd like to give some of our non helpdesk users (trainers to be precise) the right to create and possibly delete mailboxes AD Accounts/ Mailboxes WITHOUT the ability to amend the mailbox rights to that or other accounts. I'd like of possible to avoid creating MMC's all over the place. I've tried using the Delegate Control Wizard in Systems Manager and setitng them with Exchange View Only Admin access. This stops them from being able to change the users group memberships but still doens't stop them from viewing/changing maibox right.

Thanks.
0
Comment
Question by:fruitdiver
2 Comments
 
LVL 13

Accepted Solution

by:
consultkhan earned 125 total points
ID: 24155479
The right to create/delete ad accounts and mailboxes will give them access to all the possible features over a mailbox property in exchange.Most restrictive permissions could be applied using active directory access control lists and blocking these users accounts (trainers) to specific AD properties like allow full control,external account access .Try deny permissions using AD for trainers account in a test scenario.

thanks,
consultkhan
0
 

Author Closing Comment

by:fruitdiver
ID: 31570516
Fair enough. Something for them to work in future versions perhaps. Thanks.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video discusses moving either the default database or any database to a new volume.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question