Our AD environment consists of a single forest that contains multiple child domains.
Structure is as follows:
Forest Root Domain
Child APP Domain - Domain used for shared application hosting, including Exchange 2013
Child Opco Domain A - Operating Company Domain
Child Opco Domain B - Operating Company Domain
Child Opco Domain C - Operating Company Domain
Child Opco Domain D - Operating Company Domain
My question is this. Is it possible to delegate Exchange administrative access to a child domain admin, and only allow this domain admin the rights to administer only the Exchange objects within their respective domain.
The goal is to allow Opco domain admins the ability to administer all AD objects within their domain, but only allow administrative rights to only the Exchange objects that are within their domain.
Is this possible?