GSLElectric
asked on
Best method give user user account creation / email creation only.
I need to set it up to allow our HR director the ability to create users and assign them an email address. I don't want to give them any other system admin abilities.
Hi,
Please let me know which version of Exchange Server are you using. In case if you are using Exchange server 2010. You can use the Role Based Access Control (RBAC) feature in Exchange Control Panel (ECP).
Let me know if you require more help on RBAC.
Please let me know which version of Exchange Server are you using. In case if you are using Exchange server 2010. You can use the Role Based Access Control (RBAC) feature in Exchange Control Panel (ECP).
Let me know if you require more help on RBAC.
The link i provided is to setup RBAC. fyi.
ASKER
Version 2007 is our exchange version
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Exchange 2007 does not have RBAC. It uses ACL's to apply permissions. However the group you would probbaly have to give access to is the Exchange Recipient Administrator Role. To have all of the functionality that you are looking for.
Will.
Will.
you can use the Exchange Shell command: Add-ExchangeAdministrator -Identity 'User DisplayName' -Role RecipientAdmin.
At your own Rist: In case if you want to give more granular level of permissions, open adsiedit.msc, verify the special permissions for 'Exchange Recipient Administrator' on the below container
dc=domain,dc=ext
cn=InformationStore,cn=mic
These permissions are self explanatory for the administrators. Test these permissions in the lab environment; upon successfull testing, apply for the production exchange servers.
Regards,
Raghavendra
At your own Rist: In case if you want to give more granular level of permissions, open adsiedit.msc, verify the special permissions for 'Exchange Recipient Administrator' on the below container
dc=domain,dc=ext
cn=InformationStore,cn=mic
These permissions are self explanatory for the administrators. Test these permissions in the lab environment; upon successfull testing, apply for the production exchange servers.
Regards,
Raghavendra
Refer the below URL for More Granular level of Permissions:
http://blogs.technet.com/b/exchange/archive/2006/11/03/3396144.aspx
http://blogs.technet.com/b/exchange/archive/2006/11/03/3396144.aspx
ASKER
Mark Bill, why did you opt to not do this?
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
I would recommend against this point 1.
If you really want to set this up as the built in exchange groups are not great in regards to versatility permissions wise the only way i really see to do this is http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/exchange-2010-role-based-access-control-part1.html
Setting up role based access which the steps are very detailed and outlined in msexchange article above.
I had the same issue, we opted against doing this.