I have 2x Exchange DAG's within the same organisation in different AD sites.
We have a DAG in the UK consisting of 2x physical mailbox servers and 2x virtual CAS/HT boxes.
We have the same setup in the USA.
The USA has it's own small junior IT team. I wan't to give certain access privileges without the USA junior admins being able to do anything on the UK servers.
So far, I have used RBAC's to create helpdesk roles and the like. However, I need to give the USA admins the ability to manage their own databases only (not the UK ones). This is to carry out actions such as;
- Active/move a DB copy on a server whilst suspending it on another mbx host. take a server offline for maintenance whilst keeping all DB's up on the USA DAG.
How can I increase the USA admins Exchange access ensuring, that they cannot do anything on the UK- London DAG?