locked
Exchange 2007 Exchange recipient administrator right RRS feed

  • Question

  • I want to delegate a domian user to manage Exchange recipient, include create ,edit and delete mailbox.

    What's the additional permission besides Exchange recipient administrator?

    Thursday, November 3, 2011 3:29 PM

Answers

  • yes, It doesn't work.

    Does it work in your environment?

    From Microsoft tecnnet document, i need Exchange Recipient administrator permission and Account Operator permission. According to my test, it doesn't work.

    Because Exchange Recipient administrator permission and Account Operator don't have write permission on the CN=Users OU as default.

    According to my test, i need Exchange Recipient administrator permission and Domain admins permission.

    Or i need to have Exchange Recipient administrator permission and grant read and write permission to the OU via ADSIEDIT.

    • Marked as answer by Jerome Xiong Friday, November 4, 2011 5:30 AM
    Friday, November 4, 2011 4:33 AM
  • You shouldn't need Domain Admins.  That's way too much.  But you'll need to grant rights in the OUs in which users are to be created.
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    • Marked as answer by Jerome Xiong Friday, November 4, 2011 5:30 AM
    Friday, November 4, 2011 4:47 AM

All replies

  • That isn't working for you?
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Thursday, November 3, 2011 4:17 PM
  • yes, It doesn't work.

    Does it work in your environment?

    From Microsoft tecnnet document, i need Exchange Recipient administrator permission and Account Operator permission. According to my test, it doesn't work.

    Because Exchange Recipient administrator permission and Account Operator don't have write permission on the CN=Users OU as default.

    According to my test, i need Exchange Recipient administrator permission and Domain admins permission.

    Or i need to have Exchange Recipient administrator permission and grant read and write permission to the OU via ADSIEDIT.

    • Marked as answer by Jerome Xiong Friday, November 4, 2011 5:30 AM
    Friday, November 4, 2011 4:33 AM
  • You shouldn't need Domain Admins.  That's way too much.  But you'll need to grant rights in the OUs in which users are to be created.
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    • Marked as answer by Jerome Xiong Friday, November 4, 2011 5:30 AM
    Friday, November 4, 2011 4:47 AM