what role does a user need to be able to make changes to users email accts in exch 2013

I have a couple of users which have administrator rights but they get a permissions error when trying to edit users email accounts in exchange 2013..
What role do they need to be assigned to, to be able to make any changes to any users email accounts?
I thought it wouldbe just add them to the Organization Mgmt under admin  roles but that did not seem to work.
LVL 1
vmichAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AmitIT ArchitectCommented:
Add user to Recipient Management Group. That is enough.

https://technet.microsoft.com/en-us/library/dd298028(v=exchg.150).aspx

Org Mgmt rights not required. That gives lot of extra permission.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
vmichAuthor Commented:
Ok I did not have them in that group. That is probably why each time he tired to access users emai accounts via the EAC, he was getting the permissions error.
I will add him to that group and see if that resolves the issue.
0
AmitIT ArchitectCommented:
Remove them from Org Mgmt. They don't need such high level rights. Org Mgmt required only for Exchange Admins, who manages Org level changes.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

vmichAuthor Commented:
Well I made the changes but they still get the same message about permissions when trying to access users email either on the 2007 server or the 2013.. We have both running for migration to 2013.
What could be the issue here?
0
vmichAuthor Commented:
Also what makes no sense to me is the users account is already a domain admin so not sure why he cannot make changes to users email accounts on 2007 or 2013?
0
AmitIT ArchitectCommented:
Post the error and user group membership.
0
vmichAuthor Commented:
Active directory operation failed on dc name. this error is not retriable
Then it says insufficent access rights to perform the operation..
That comes up when selecting a user and then selecting contact information..
0
vmichAuthor Commented:
I just noticed that the exchange trusted sub system was not a member of the administrators group in AD. Couldthis be an issue since the user is a domain admin??
0
AmitIT ArchitectCommented:
Try this, goto user advance properties, security tab>advance. Check if, include inheritable permission check box is checked or not. If not, enable it and apply>ok. then apply permission again.
0
vmichAuthor Commented:
Ok I did enable that but you said apply the permissions again?
The ones I added before are still there for the user so do I need to do anything more?
0
AmitIT ArchitectCommented:
Ok if it is already present, then don't need to add again. Wait for sometime or push the AD replication and check again.
0
vmichAuthor Commented:
Ok will let you know..
0
vmichAuthor Commented:
recpt mgmt group
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.