Announcement

Collapse
No announcement yet.

delegate control

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • delegate control

    I want a user to create user accounts, contacts and there mailboxes.
    So i added the account to the account operator group. Made him exchange administrator, but the user is unable to create maibox and or attributes.
    I read some microsoft articles, saying to add read and write access to the system attendant, which i did without the propper ressult. I guess the problem is caused because the exchange server is installed on a domain controller. The user needs to be added to the local administrative group, which does not exist on a domain controller. This leaves me no other option, as to make him domain admin. Which i wanted to avoid. Is there an other sollution?

    Windows Server 2003
    Microsoft Exchange 2003 SP2
    [Powershell]
    Start-DayDream
    Set-Location Malibu Beach
    Get-Drink
    Lay-Back
    Start-Sleep
    ....
    Wake-Up!
    Resume-Service
    Write-Warning
    [/Powershell]

    BLOG: Therealshrimp.blogspot.com

  • #2
    Re: delegate control

    To create mailboxes the user just needs to be delegated the relevant permissions.
    Use the Delegate Control wizard in ESM to grant at least Exchange Administrator permissions, and then set permissions in the domain to allow account creation.

    If you have already done that then something else is wrong with your permissions, someone may have changed them so that they are not to the default. Try running domainprep again. It is non-destructive but will reset group memberships back to what they should be.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: delegate control

      Read only Exchange administrator and Account operator should be sufficient to provide the functionality that account needs. But you have to provide that user with local administrator rights on the local machine. Which is the real key issue here.
      Because Exchange is installed on the domain controller, there are no local accounts, to provide enough privileges, we need to make him domain admin.

      http://technet.microsoft.com/en-us/l.../bb124053.aspx

      http://support.microsoft.com/kb/905809
      Last edited by Killerbe; 8th January 2008, 10:26.
      [Powershell]
      Start-DayDream
      Set-Location Malibu Beach
      Get-Drink
      Lay-Back
      Start-Sleep
      ....
      Wake-Up!
      Resume-Service
      Write-Warning
      [/Powershell]

      BLOG: Therealshrimp.blogspot.com

      Comment

      Working...
      X