Solved

Create custom RBAC roles in Exchange 2010

Posted on 2013-11-11
1
360 Views
Last Modified: 2013-11-27
I have a domain admin user that I would like to designate to have the ability to mailbox enable a user in Exchange, choose which database the mailbox will go to, and the ability to modify SMTP addresses and Exchange custom attributes.  

I have assigned this user the Help Desk management role group, which shows as having the assigned roles of User Options and View-Only Recipients.  

I have also created a custom role group and assigned the roles of Mail Recipient Creation and Mail Recipients roles to this user.

I have installed the Exchange Management Console on the users computer, however when I go to verify the proper privileges, it appears that the user has many more privileges than the ones I have assigned, including, and most concerning the ability to Remove mailboxes from the EMC with the rights assigned.

Where is this allowed privilege being applied, and how can I check? Also, how can I remove or modify my privileges so it only includes the abilities I mentioned in the first sentence.

My primary goal is to make sure the user does not have the ability to remove or delete existing mailboxes.

Thank you in advance.
0
Comment
Question by:fireguy1125
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39641225
If they are a domain admin then they probably have more permissions that you expect. Most permissive wins, that means if a user is a member of a group that has higher permissions, that is what permissions they get. You need to look at the permission structure and probably remove their domain admin rights.

Simon.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question