Hi everyone,
We manage the Exchange 2007 environment for one of our clients and due to some internal legal requirements that client no longer wants us to have domain admin rights in their AD forest. At some point in the future we will migrate them to Exchange 2013 with
a child domain where we will have domain admin rights but for now this is our situation.
My question is this: what are the minimum permissions we can get away with and still be able to manage the Exchange servers and the Exchange organization? We don't really need access to the mailboxes themselves so that's not an issue. There is a BES in the
environment that we also manage but I believe the permissions for the BESAdmin account are already setup without domain admin rights anyhow.
We actually own the Exchange servers so we already have local admin rights on them and will continue to maintain those rights. I know there are some security groups created during the installation of Exchange that we could potentially drop our admin accounts
into, like Exchange Organization Administrators, etc. Would that be a viable solution?