Exchange Recipient Administrator Permissions

Home Forums Microsoft Networking and Management Services Active Directory Exchange Recipient Administrator Permissions

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    bcorbett
    Member
    #154548

    Hello,

    I am in the middle of setting up AD delegation for a group of users who will need to create and modify users, create mailboxes and do other housework within ADUC.

    All seems to be working as it should until I add the security group to the Exchange Recipient Administrators group (ERA). Then the users in that group are able to add themselves and other users to the domain admin group, which defeats the object of the delegation I have applied.

    I have looked at the rights inherited by the ERA group and they only appear to ‘read access’ on certain items from the domain root downwards.

    Should I expect this behaviour or is it abnormal?

    We have an Exchange 2007 SP2 server and two Win 2k8 R2 DCs. The domain is running at the Windows 2003 server functional level.

    Many thanks everyone.

    Brian

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.