Solved

Exchange 2010 Admin Rights

Posted on 2010-11-29
7
1,046 Views
Last Modified: 2012-05-10
I was given a task to find out if this is possible in MS Exchange 2010. We are going to get an Exchange server which will host 2 post office. ex. lala.com and tata.com. First of all is this considered 2 post offices?

We would like to have 1 admin per domain. Ideally this would give them the rights do any and everything needed to administer their perspective domain only.

They should not have rights to administer any high level tasks such as add new post offices, manage/create other post offices, and so on.

I am looking for resources or (the correct terminology so I can find resource) on how to get this done.

Or even an example of how my Google query should look, to find the correct resources.

Any help on this will be appreciated
0
Comment
Question by:EnriquePhoenix
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 34232410
>> lala.com and tata.com. First of all is this considered 2 post offices?
no they are called SMTP domains

and no this cannot be done, in exchange the delegation can be made on exchange servers but not on smtp domains
0
 
LVL 5

Author Comment

by:EnriquePhoenix
ID: 34232556
Not exactly the start I wanted to see. :( So do I have to run 2 Exchange servers to separate the rights.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34232607
not really it will not even work since you have no way of stopping admin1 to assign users emails @domain2.com

the only thing that would do what you want is exchange hosted
0
Office 365 Training for IT Pros

Learn how to provision Office 365 tenants, synchronize your on-premise Active Directory, and implement Single Sign-On.

 
LVL 5

Author Comment

by:EnriquePhoenix
ID: 34243224
Any other takers? I will end this post tomorrow if nobody has anymore input on the matter.
0
 
LVL 5

Author Comment

by:EnriquePhoenix
ID: 34259989
Configuration scopes enable you to control who can manipulate servers and databases.

Recipient and configuration scopes enable you to segment the management of server, database or recipient objects in your organization. For example, a recipient scope can be added to a role assignment so that administrators in Vancouver can only manage recipients in the same office. A server configuration scope could be added to a different role assignment so that administrators in Sydney can only manage servers in their Active Directory site.

http://technet.microsoft.com/en-us/library/dd335131.aspx
0
 
LVL 49

Accepted Solution

by:
Akhater earned 500 total points
ID: 34262924
that is true I am aware of this but, if i understood correctly, you want these ppl to administer a domain name not a specific OU or database .

you cant deny the admin of lala.com to create a user @tata.com for example that's why i told you it can't be done
0
 
LVL 5

Author Closing Comment

by:EnriquePhoenix
ID: 34270478
Thanks
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question