Best way to grant an external help desk agent access to manage/create mailboxes/uses in just one OU (Exchange 2010)?

Definitely not my area of expertise but was asked to give a remote help desk agent access to an Exchange 2010 server to create/manage mailboxes and user accounts for on specific OU.

Recently added outside reps to a company and just was going to place them in their own Organizational Unit in our main domain. I can delegate access in Active Directory as expected but not quite sure how to make it so the help desk agent can't be opening everyone else's mail and touching any of the company's main users that already have local agents to manage them.

Would the easiest route be to just setup a new datastore in exchange?
MikeC7Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

d3ath5tarCommented:
AD and Exchange permissions are seperate in 2010.

Use the ECP (https://yourexchange/ECP) to create a custom role with the required access.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Julian123Commented:
You can create an limited administrative  role (also known as an RBAC role) that grants the user permissions to manage mailboxes and user accounts but nothing else. Here's a blog from MS on this, please take a look and see if that describes what you want: http://blogs.technet.com/b/exchange/archive/2009/11/16/3408825.aspx.

Thanks!
0
ActiveDirectorymanCommented:


you also need to create a management scope so that he can only  create/manage mailboxes within that organizational unit.

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.