Site office administrator delegation right

  • Question

  • Hi all,

    I have 3 Exchange servers deployed at 3 site offices in 3 different countries. Each country has its own Exchange administrator. I granted those administrators the Exchange Server Administrator role. One site office administrator informed me that he is able to create a new mailbox on another country's Exchange server mailbox database. After that I found out that the rest of the 3 site offices' administrators are also able to create mailboxes on each other's country mailbox databases.

    I would like to prevent them from creating mailboxes on other countries' Exchange server mailbox databases. What should I do?


    Cheers,
    Paul
    Wednesday, January 7, 2009 1:11 PM

Answers

  • Hi,

    Please check the following TechNet article, which describes the exact rights that you define by making them Exchange Server Administrator:

    http://technet.microsoft.com/en-us/library/aa996881.aspx

    Regards,

    Johan





    blog: www.johanveldhuis.nl
    • Proposed as answer by Elvis Wei Friday, January 16, 2009 8:35 AM
    • Marked as answer by Amit Tank Monday, January 19, 2009 8:30 AM
    Wednesday, January 7, 2009 8:23 PM
  • Hi Paul,


    Please check those Exchange administrators' permissions. “Exchange org admin” doesn’t have permission to create users. Those administrators must be assigned other AD permissions.

    If the three sites are in separate child domains, you could apply the corresponding permissions at the domain level. If they are in the same domain, you could delegate the proper permissions at the OU level.

    Thanks,

    Elvis


    The Microsoft Exchange Team Blog - You had me at EHLO - http://msexchangeteam.com/
    • Proposed as answer by Elvis Wei Friday, January 16, 2009 8:35 AM
    • Marked as answer by Amit Tank Monday, January 19, 2009 8:30 AM
    Friday, January 9, 2009 9:08 AM
  • Yes Paul, you can refer to the article below for splitting permissions at the OU or domain level...

    Permission Considerations

    Amit Tank | MVP - Exchange | MCITP:EMA MCSA:M | http://ExchangeShare.WordPress.com
    • Proposed as answer by Elvis Wei Friday, January 16, 2009 8:36 AM
    • Marked as answer by Amit Tank Monday, January 19, 2009 8:30 AM
    Friday, January 9, 2009 4:29 PM

All replies

  • Hi Paul,

    Can you just verify that the administrators have been given server admin roles for their respective servers?

    How to View the Administrator Roles for Users and Groups

    Amit Tank | MVP - Exchange | MCITP:EMA MCSA:M | http://ExchangeShare.WordPress.com
    Thursday, January 8, 2009 9:02 AM
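
    One way to run the role check asked for in the reply above, as an added example that is not part of the original thread. It assumes the Exchange 2007 Management Shell, where `Get-ExchangeAdministrator` lists each delegated principal with its role and scope:

```powershell
# Added example (not from the thread). Assumes the Exchange 2007 Management Shell.
# Lists who holds which Exchange administrator role, so that a site administrator
# with more than a single-server delegation stands out.
$entries = @(Get-ExchangeAdministrator)

# 1. Every role other than ServerAdmin applies to the whole organization, so any
#    site administrator (or group containing one) listed here is not confined to a site.
$entries |
    Where-Object { [string]$_.Role -ne 'ServerAdmin' } |
    Sort-Object Role |
    Format-Table Identity, Role, Scope -AutoSize

# 2. ServerAdmin delegations, one line per principal with the servers it covers.
#    A principal scoped to more than one server is flagged for review.
$entries |
    Where-Object { [string]$_.Role -eq 'ServerAdmin' } |
    Group-Object { [string]$_.Identity } |
    ForEach-Object {
        $servers = @($_.Group | ForEach-Object { [string]$_.Scope } | Sort-Object -Unique)
        $flag = ''
        if ($servers.Count -gt 1) { $flag = '  <-- more than one server' }
        '{0}: {1}{2}' -f $_.Name, [string]::Join(', ', $servers), $flag
    }

# Identity can be a group: its membership has to be reviewed separately, as do
# Active Directory permissions granted outside the Exchange roles.
```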