limit AD Helpdesk account


I need to create a Active Directory user account that has the ability to join a pc to the domain, create user accounts and Exchange 2010 mailboxes.

What groups would the user need to be a part of?

We do not want the user to have full domain admin, or server admin. The account is for a helpdesk tech.

Who is Participating?
MaheshConnect With a Mentor ArchitectCommented:
In default domain Policy grant account "add workstation to domain" user rights

Finally use delegation of control wizard at level and give delegated permission to that account to join computers to domain

The above two permissions are required in order to work that properly

Also Add user to accounts operator built-in group in active directory for user management
This includes password reset, new account creation, adding and removing from groups, changing common attributes such as phone no and so on.

Assign that account recipient management role on exchange server to manage mailboxes

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.