Link to home
Start Free TrialLog in
Avatar of DEFclub
DEFclub

asked on

exch 2010 management access

In exchange 2003, Tech support would make changes to Exch 2003 users mailboxes through AD... Now that we just started using exch 2010, mailbox attributes are no longer availalbe in the users AD account.. Do the Tech support admins need to have access to the Exch 2010 MMC to edit users mailboxes?  Any best practive advice is welcome.
Avatar of Adam Brown
Adam Brown
Flag of United States of America image

They will need to have access to the Exchange 2010 Master Console or Shell. You can control what level of access they have by using management roles. http://technet.microsoft.com/en-us/library/dd298183.aspx has some in depth information on the new Role Based Access Control system for Exchange 2010. If you don't want to have to deal with managing roles like that, you can utilize the built in Exchange Security Groups that are installed into AD with Exchange. For instance, adding users to the Recipient Administrators group will allow them to perform a number of mailbox oriented tasks.

One of the advantages of this system is that when a user with limited administrative access opens the Exchange Management Console, only the tasks that they have access to will be presented to them. From the Exchange Management Shell, they will only be able to use the Powershell cmdlets assigned to the management role that they are a member of.
Avatar of DEFclub
DEFclub

ASKER

Yes, I’m familiar with the management rolls... I guess Im just realizing that Microsoft removed exchange administration from AD and it solely resides in the Exchange MMC or PS... Any idea what their philosophy was for making that decision?
ASKER CERTIFIED SOLUTION
Avatar of Adam Brown
Adam Brown
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of DEFclub

ASKER

Thanks for taking the time to explain!