locked
Exchange - Level of access is required for service desk RRS feed

  • Question

  • We are having Exchange 2007 environment.

    We will be starting the KT to transfer Exchange Active Sync account enablment and Mobil Device Managment account provisioning and enabling users for Exchange UM to the service desk. As a result, we need to grant all the Service Desk employees with the ability to enable exchange active sync on mailboxes. Not sure what the proper level of access is required to give them this ability, but it needs to be as restricted as possilbe to enabling mailbox features only.

    Administrator role Members Member of Exchange permissions

    Exchange Organization Administrators

    Administrator, or the account that was used to install the first Exchange 2007 server

    Exchange Recipient Administrator

    Administrators local group of <Server Name>

    Full control of the Microsoft Exchange container in Active Directory

    Exchange Recipient Administrators

    Exchange Organization Administrators

    Exchange View-Only Administrators

    Full control of Exchange properties on Active Directory user object

    Exchange Server Administrators

     

    Exchange View-Only Administrators

    Administrators local group of <Server Name>

    Full control of Exchange <Server Name>

    Exchange View-Only Administrators

    Exchange Recipient Administrators

    Exchange Public Folder Administrators

    Exchange Recipient Administrators

    Exchange Server Administrators

    Read access to the Microsoft Exchange container in Active Directory.

    Read access to all the Windows domains that have Exchange recipients.

    Thanks


    Funnyghost
    Monday, November 28, 2011 4:33 PM

Answers

  • We can restrict the service desk by giving only Exchange Recipient Administrators role. It is the member of Exchange View-Only Administrators and the permissions are full control of Exchange properties on Active Directory user object.

     

    It would be a little too drastic to let the service desk have the full blown Exchange Management Console at their disposal, right? So we can do customization of the exchange management console and let them have only Exchange Recipient Management Console.

     

    Using MMC, we can do the same.

    Thanks


    Funnyghost
    • Marked as answer by FunnyGhost Monday, November 28, 2011 5:27 PM
    Monday, November 28, 2011 5:26 PM