I Need To Make A Change With My IT Support! Call (225) 706-8414

AD Domain Rights Needed to Manage Microsoft Exchange 2010

You’ve installed the Exchange 2010 Management Console (EMC), but your user is unable to see or do anything.

Solution

You need to ensure you have the correct rights. For this example, we’re using Exchange 2010.

You’ll find the AD security groups at the top level of your forest in the Microsoft Exchange Security Groups OU. There are several AD security groups that manage the rights an AD has in Exchange.

We highlight those roles most commonly used in day-to-day operations here, and then provide a few scenarios for their use. There are other roles, including those for Exchange server management-only and Exchange 2010 spam filtering management which do we not discuss here

  • Help Desk. Members of this management role group can view and manage the configuration for individual recipients and view recipients in an Exchange organization. Members of this role group can only manage the configuration each user can manage on his or her own mailbox. Additional  permissions can be added by assigning additional management roles to this role group.
  • Organization Management. Members of this management role group have permissions to manage Exchange objects and their properties in the Exchange organization. Members can also delegate role groups and management roles in the organization. This role group shouldn’t be deleted.
  • Recipient Management. Members of this management role group have rights to create, manage, and remove Exchange recipient objects in the Exchange organization.
  • View-Only Organization Management. Members of this management role group can view recipient and configuration objects and their properties in the Exchange organization.

Scenario: Helpdesk Staff

The helpdesk staff need to be able to manage individual mailbox configurations, but not create mailboxes.

Roles

  • Help Desk

Scenario: Helpdesk and User Admin Staff

Your helpdesk staff does both normal helpdesk staff and they create Exchange 2010 user mailboxes for new employees.

Roles

  • Help Desk
  • Recipient Management
  • View-Only Organization Management

Super User

You have certain staff that should be able to modify Exchange, mailboxes, etc., as needed.

Roles

  • Organization Management
  • View-Only Organization Management

 

Concerned About Cyber Attacks?

CLICK HERE >

Want to Migrate to the Cloud?

CLICK HERE >
Office 365

Ready to Experience Microsoft Office 365?

Want the latest IT news directly in your inbox? Subscribe now!