Limited Administrator account created. Unable to delete mailbox on Exchange.

Hi guys,

I have set up a limited administrator account, whom I only want to be able to access AD and set up/modify/change passwords/delete users. I wanted them to be able to set up mailboxes on Exchange and remove them also. But that is all I wanted them to be able to do. I tried, but sadly the user is unable to delete users.

So firstly, how do I do it so that this user is only able to delete users who are in a particular OU with users in there already, but NOT any other users in other OUs?

I have set up someone already and when I right click on that user and select the 'Security' tab and go to Advanced and select 'Edit', there are a load of permissions in there. In the sections where it says 'Apply To', you have a dropdown and then you have a load of permissions below that!! Where can I find what all of this means and what they do?

Also, in the security tab of the user properties, does the name 'SELF' refer to the permissions this particular user has? Attached is a photo of what I mean.

Will Szymkowski (Senior Solution Architect) commented:
What version of Exchange are you using? If you are using Exchange 2010/2013 you can use RBAC to configure a Group with permissions to modify mailboxes which is linked to a specific OU. If you are using Exchange 2007 then you have limitations with this setup and you are forced to use ACLs to configure permissions accordingly. Typically for Exchange 2007 you would just provide the account Recipient Management Permissions.


Yashy (Author) commented:
Hi Will,

I'm using Exchange 2010 and Windows Server 2008 R2. But the thing is the guy is already in the 'Recipient Management' group using the RBAC. However, I can't get this person to delete anything from AD. I can't get them to create mailboxes either, but thought the group they are in should work.

Yashy (Author) commented:
I got it sorted out. I was giving him access to himself, instead of to the OU. I went to the RBAC and selected the correct OU and added him to the 'Members' of the Recipient Management group. All done.
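
Added example, not part of the original thread: the OU-scoped delegation discussed above, done in the Exchange 2010 Management Shell with a dedicated role group so the built-in Recipient Management group keeps its default scope. The OU path, account name and group name are placeholders, and the choice of the two built-in roles is an assumption about what the limited administrator needs.

```powershell
# Run in the Exchange Management Shell (Exchange 2010).
# Placeholder values, not taken from the thread:
$ou     = 'example.local/Staff'        # canonical name of the OU being delegated
$admin  = 'helpdesk1'                  # the limited administrator account
$rgName = 'Staff OU Recipient Admins'  # new, dedicated role group

# Create a role group whose assignments can only write to recipients under $ou.
# 'Mail Recipients' covers modifying existing mailboxes; 'Mail Recipient
# Creation' covers creating and removing mailboxes (and their AD user objects).
New-RoleGroup -Name $rgName `
    -Roles 'Mail Recipients', 'Mail Recipient Creation' `
    -RecipientOrganizationalUnitScope $ou `
    -Members $admin

# Review what was created: every assignment should show the OU scope.
Get-ManagementRoleAssignment -RoleAssignee $rgName |
    Format-Table Role, RecipientWriteScope, RecipientOrganizationalUnitScope -AutoSize

# Least-privilege check: list any assignment that still gives the account
# organization-wide write access. -RoleAssignee on a user returns both direct
# assignments and those inherited through role groups.
$wide = Get-ManagementRoleAssignment -RoleAssignee $admin |
    Where-Object { $_.RecipientWriteScope -eq 'Organization' }

if ($wide) {
    Write-Warning "$admin still has organization-wide recipient write access via:"
    $wide | Format-Table Name, Role, RoleAssigneeName -AutoSize
} else {
    Write-Host "$admin has no organization-wide recipient write assignments."
}
```

If the warning lists assignments that come from Recipient Management, the account is still a member of the built-in group and the OU restriction on the new group has no practical effect until that membership is removed.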