Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Block Exchange Advanced\Mailbox Rights feature in AD Users and Computers

Posted on 2009-04-15
2
Medium Priority
?
358 Views
Last Modified: 2012-05-06
Hi Experts,

A quick question to which there's probably a simple answer. I'd like to give some of our non helpdesk users (trainers to be precise) the right to create and possibly delete mailboxes AD Accounts/ Mailboxes WITHOUT the ability to amend the mailbox rights to that or other accounts. I'd like of possible to avoid creating MMC's all over the place. I've tried using the Delegate Control Wizard in Systems Manager and setitng them with Exchange View Only Admin access. This stops them from being able to change the users group memberships but still doens't stop them from viewing/changing maibox right.

Thanks.
0
Comment
Question by:fruitdiver
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Accepted Solution

by:
consultkhan earned 500 total points
ID: 24155479
The right to create/delete ad accounts and mailboxes will give them access to all the possible features over a mailbox property in exchange.Most restrictive permissions could be applied using active directory access control lists and blocking these users accounts (trainers) to specific AD properties like allow full control,external account access .Try deny permissions using AD for trainers account in a test scenario.

thanks,
consultkhan
0
 

Author Closing Comment

by:fruitdiver
ID: 31570516
Fair enough. Something for them to work in future versions perhaps. Thanks.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question