Create custom RBAC roles in Exchange 2010
Posted on 2013-11-11
I have a domain admin user that I would like to designate to have the ability to mailbox enable a user in Exchange, choose which database the mailbox will go to, and the ability to modify SMTP addresses and Exchange custom attributes.
I have assigned this user the Help Desk management role group, which shows as having the assigned roles of User Options and View-Only Recipients.
I have also created a custom role group and assigned the roles of Mail Recipient Creation and Mail Recipients roles to this user.
I have installed the Exchange Management Console on the users computer, however when I go to verify the proper privileges, it appears that the user has many more privileges than the ones I have assigned, including, and most concerning the ability to Remove mailboxes from the EMC with the rights assigned.
Where is this allowed privilege being applied, and how can I check? Also, how can I remove or modify my privileges so it only includes the abilities I mentioned in the first sentence.
My primary goal is to make sure the user does not have the ability to remove or delete existing mailboxes.
Thank you in advance.