locked
Site office administrator delegation right RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi all,

    I got 3 exchange server deployed at 3 site offices in 3 different countries. Each country got their own Exchange administrator. I granted those administrators as Exchange Server Administrator role. One site office administrator informed me that he is able to create new mailbox on other country Exchange server mailbox database. After that I found out the rest of the 3 site offices administrators also able to create mailbox at each other country mailbox database.

    I would like to prevent them on creating mailbox on other country Exchange server mailbox database, what should I do?


    Cheers,
    Paul
    Wednesday, January 7, 2009 1:11 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi,

    Please check the following Technet article which describes the exact rights that you define by making them Exchange Server Administrator:

    http://technet.microsoft.com/en-us/library/aa996881.aspx

    Regards,

    Johan




    blog: www.johanveldhuis.nl
    • Proposed as answer by Elvis Wei Friday, January 16, 2009 8:35 AM
    • Marked as answer by Amit Tank Monday, January 19, 2009 8:30 AM
    Wednesday, January 7, 2009 8:23 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi Paul,


    Please check those Exchange administrators' permissions. “Exchange org admin” don’t have permission to create user. Those administrators must be assigned other AD permissions.

    If the three sites in separate child-domain, you could apply corresponding permissions in domain level. If they are in the same domain, you could delegate proper permission in OU level.

    Thanks,

    Elvis

    The Microsoft Exchange Team Blog - You had me at EHLO - http://msexchangeteam.com/
    • Proposed as answer by Elvis Wei Friday, January 16, 2009 8:35 AM
    • Marked as answer by Amit Tank Monday, January 19, 2009 8:30 AM
    Friday, January 9, 2009 9:08 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Yes Paul, you can refer below article for splitting permission at OU or Domain level...

    Permission Considerations
    Amit Tank | MVP - Exchange | MCITP:EMA MCSA:M | http://ExchangeShare.WordPress.com
    • Proposed as answer by Elvis Wei Friday, January 16, 2009 8:36 AM
    • Marked as answer by Amit Tank Monday, January 19, 2009 8:30 AM
    Friday, January 9, 2009 4:29 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi,

    Please check the following Technet article which describes the exact rights that you define by making them Exchange Server Administrator:

    http://technet.microsoft.com/en-us/library/aa996881.aspx

    Regards,

    Johan




    blog: www.johanveldhuis.nl
    • Proposed as answer by Elvis Wei Friday, January 16, 2009 8:35 AM
    • Marked as answer by Amit Tank Monday, January 19, 2009 8:30 AM
    Wednesday, January 7, 2009 8:23 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi Paul,

    Can you just verify that administrators have given server admin roles to their respective servers?

    How to View the Administrator Roles for Users and Groups
    Amit Tank | MVP - Exchange | MCITP:EMA MCSA:M | http://ExchangeShare.WordPress.com
    Thursday, January 8, 2009 9:02 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi Paul,


    Please check those Exchange administrators' permissions. “Exchange org admin” don’t have permission to create user. Those administrators must be assigned other AD permissions.

    If the three sites in separate child-domain, you could apply corresponding permissions in domain level. If they are in the same domain, you could delegate proper permission in OU level.

    Thanks,

    Elvis

    The Microsoft Exchange Team Blog - You had me at EHLO - http://msexchangeteam.com/
    • Proposed as answer by Elvis Wei Friday, January 16, 2009 8:35 AM
    • Marked as answer by Amit Tank Monday, January 19, 2009 8:30 AM
    Friday, January 9, 2009 9:08 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Yes Paul, you can refer below article for splitting permission at OU or Domain level...

    Permission Considerations
    Amit Tank | MVP - Exchange | MCITP:EMA MCSA:M | http://ExchangeShare.WordPress.com
    • Proposed as answer by Elvis Wei Friday, January 16, 2009 8:36 AM
    • Marked as answer by Amit Tank Monday, January 19, 2009 8:30 AM
    Friday, January 9, 2009 4:29 PM