what role does a user need to be able to make changes to users email accts in exch 2013
I have a couple of users which have administrator rights but they get a permissions error when trying to edit users email accounts in exchange 2013..
What role do they need to be assigned to, to be able to make any changes to any users email accounts?
I thought it wouldbe just add them to the Organization Mgmt under admin roles but that did not seem to work.
What role do they need to be assigned to, to be able to make any changes to any users email accounts?
I thought it wouldbe just add them to the Organization Mgmt under admin roles but that did not seem to work.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Remove them from Org Mgmt. They don't need such high level rights. Org Mgmt required only for Exchange Admins, who manages Org level changes.
ASKER
Well I made the changes but they still get the same message about permissions when trying to access users email either on the 2007 server or the 2013.. We have both running for migration to 2013.
What could be the issue here?
What could be the issue here?
ASKER
Also what makes no sense to me is the users account is already a domain admin so not sure why he cannot make changes to users email accounts on 2007 or 2013?
Post the error and user group membership.
ASKER
Active directory operation failed on dc name. this error is not retriable
Then it says insufficent access rights to perform the operation..
That comes up when selecting a user and then selecting contact information..
Then it says insufficent access rights to perform the operation..
That comes up when selecting a user and then selecting contact information..
ASKER
I just noticed that the exchange trusted sub system was not a member of the administrators group in AD. Couldthis be an issue since the user is a domain admin??
Try this, goto user advance properties, security tab>advance. Check if, include inheritable permission check box is checked or not. If not, enable it and apply>ok. then apply permission again.
ASKER
Ok I did enable that but you said apply the permissions again?
The ones I added before are still there for the user so do I need to do anything more?
The ones I added before are still there for the user so do I need to do anything more?
Ok if it is already present, then don't need to add again. Wait for sometime or push the AD replication and check again.
ASKER
Ok will let you know..
ASKER
recpt mgmt group
ASKER
I will add him to that group and see if that resolves the issue.