Solved

Create custom RBAC roles in Exchange 2010

Posted on 2013-11-11
1
354 Views
Last Modified: 2013-11-27
I have a domain admin user that I would like to designate to have the ability to mailbox enable a user in Exchange, choose which database the mailbox will go to, and the ability to modify SMTP addresses and Exchange custom attributes.  

I have assigned this user the Help Desk management role group, which shows as having the assigned roles of User Options and View-Only Recipients.  

I have also created a custom role group and assigned the roles of Mail Recipient Creation and Mail Recipients roles to this user.

I have installed the Exchange Management Console on the users computer, however when I go to verify the proper privileges, it appears that the user has many more privileges than the ones I have assigned, including, and most concerning the ability to Remove mailboxes from the EMC with the rights assigned.

Where is this allowed privilege being applied, and how can I check? Also, how can I remove or modify my privileges so it only includes the abilities I mentioned in the first sentence.

My primary goal is to make sure the user does not have the ability to remove or delete existing mailboxes.

Thank you in advance.
0
Comment
Question by:fireguy1125
1 Comment
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39641225
If they are a domain admin then they probably have more permissions that you expect. Most permissive wins, that means if a user is a member of a group that has higher permissions, that is what permissions they get. You need to look at the permission structure and probably remove their domain admin rights.

Simon.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question