17.7. Delegating Exchange for the First Time


You want to delegate permissions to manage Exchange. This recipe allows you to configure the basic delegation of the three Exchange roles to users or groups.


Using a graphical user interface

  1. Log on to a machine with an account that is in the initially delegated Exchange Group from Recipe 17.2.

  2. Per your corporate standards, create three groups called ExchangeViewAdmins, ExchangeAdmins, and ExchangeFullAdmins. The groups can be any scope. See Chapter 7 in Active Directory Cookbook (O'Reilly) for assistance on creating groups and the ramifications of the different group scopes.

  3. Open the Exchange System Manager (ESM) snap-in.

  4. In the left pane, right-click on the Organization name (e.g., RALLENCORPMAIL) and select Delegate Control.

  5. On the Welcome screen, click Next.

  6. On the Users and Groups screen, click Add.

  7. On the Delegate Control screen, click Browse.

  8. On the Select Users, Computers, Or Groups screen, type into the text box the name of the group to which you want to delegate Exchange View Admin rights (e.g., RALLENCORP\ExchangeViewAdmins).

  9. Back on the Delegate Control screen, verify that Exchange View Only Administrator is listed in the role drop-down menu and click OK.

  10. Repeat steps 6-9 for ExchangeAdmins and ExchangeFullAdmins, selecting the appropriate permissions in the role drop-down menu.

  11. If you used a group in the root delegation in Recipe 17.2, you may still see one or more accounts listed in the Users and Groups box. Remove these ...

Get Windows Server Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.