• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 42
  • Last Modified:

what role does a user need to be able to make changes to users email accts in exch 2013

I have a couple of users which have administrator rights but they get a permissions error when trying to edit users email accounts in exchange 2013..
What role do they need to be assigned to, to be able to make any changes to any users email accounts?
I thought it wouldbe just add them to the Organization Mgmt under admin  roles but that did not seem to work.
0
vmich
Asked:
vmich
  • 8
  • 5
1 Solution
 
AmitIT ArchitectCommented:
Add user to Recipient Management Group. That is enough.

https://technet.microsoft.com/en-us/library/dd298028(v=exchg.150).aspx

Org Mgmt rights not required. That gives lot of extra permission.
0
 
vmichAuthor Commented:
Ok I did not have them in that group. That is probably why each time he tired to access users emai accounts via the EAC, he was getting the permissions error.
I will add him to that group and see if that resolves the issue.
0
 
AmitIT ArchitectCommented:
Remove them from Org Mgmt. They don't need such high level rights. Org Mgmt required only for Exchange Admins, who manages Org level changes.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
vmichAuthor Commented:
Well I made the changes but they still get the same message about permissions when trying to access users email either on the 2007 server or the 2013.. We have both running for migration to 2013.
What could be the issue here?
0
 
vmichAuthor Commented:
Also what makes no sense to me is the users account is already a domain admin so not sure why he cannot make changes to users email accounts on 2007 or 2013?
0
 
AmitIT ArchitectCommented:
Post the error and user group membership.
0
 
vmichAuthor Commented:
Active directory operation failed on dc name. this error is not retriable
Then it says insufficent access rights to perform the operation..
That comes up when selecting a user and then selecting contact information..
0
 
vmichAuthor Commented:
I just noticed that the exchange trusted sub system was not a member of the administrators group in AD. Couldthis be an issue since the user is a domain admin??
0
 
AmitIT ArchitectCommented:
Try this, goto user advance properties, security tab>advance. Check if, include inheritable permission check box is checked or not. If not, enable it and apply>ok. then apply permission again.
0
 
vmichAuthor Commented:
Ok I did enable that but you said apply the permissions again?
The ones I added before are still there for the user so do I need to do anything more?
0
 
AmitIT ArchitectCommented:
Ok if it is already present, then don't need to add again. Wait for sometime or push the AD replication and check again.
0
 
vmichAuthor Commented:
Ok will let you know..
0
 
vmichAuthor Commented:
recpt mgmt group
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

  • 8
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now