[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 194
  • Last Modified:

Exchnage 2010 Administrative access and rights control

hello all,
I have 2x Exchange DAG's within the same organisation in different AD sites.

We have a DAG in the UK consisting of 2x physical mailbox servers and 2x virtual CAS/HT boxes.
We have the same setup in the USA.

The USA has it's own small junior IT team. I wan't to give certain access privileges without the USA junior admins being able to do anything on the UK servers.

So far, I have used RBAC's to create helpdesk roles and the like. However, I need to give the USA admins the ability to manage their own databases only (not the UK ones). This is to carry out actions such as;

- Active/move a DB copy on a server whilst suspending it on another mbx host. take a server offline for maintenance whilst keeping all DB's up on the USA DAG.


How can I increase the USA admins Exchange access ensuring, that they cannot do anything on the UK- London DAG?
thanks, regards
0
UBB
Asked:
UBB
  • 2
  • 2
2 Solutions
 
AmitIT ArchitectCommented:
I don't see any such restriction option, as DB resides at Org level, and if you are giving Org level permission, it give rights at highest level.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
I second Amit as its a single level access and maybe what you can try out is give Object level access using ADISIEDIT

- Rancy
0
 
UBBAuthor Commented:
hello,
appreciate the feedback. Rancy, are you able to give me a few more details re ADSIEdit?

I don't realy like messing with that unless I know exactly what I am after and where to look.

What container should I be connecting to in ADSI to find this 'key'?
Which object is it I should be looking at?
What values should I be changing in Adsi?
thanks.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
In ADSIEDIT you have to browse to the Servers container and on the properties of the specific Server object go to Security Tab and give the account Full control and wait

- Rancy
0
 
UBBAuthor Commented:
thanks
i will try that this week and get back.. probably wont be till wed/thurs.
regards
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now