Exchange Recipient Administrator Permissions

Home Forums Microsoft Networking and Management Services Active Directory Exchange Recipient Administrator Permissions

This topic contains 1 reply, has 2 voices, and was last updated by Avatar emaneric 8 years, 5 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • Avatar
    bcorbett
    Member
    #154548

    Hello,

    I am in the middle of setting up AD delegation for a group of users who will need to create and modify users, create mailboxes and do other housework within ADUC.

    All seems to be working as it should until I add the security group to the Exchange Recipient Administrators group (ERA). Then the users in that group are able to add themselves and other users to the domain admin group, which defeats the object of the delegation I have applied.

    I have looked at the rights inherited by the ERA group and they only appear to ‘read access’ on certain items from the domain root downwards.

    Should I expect this behaviour or is it abnormal?

    We have an Exchange 2007 SP2 server and two Win 2k8 R2 DCs. The domain is running at the Windows 2003 server functional level.

    Many thanks everyone.

    Brian

    Avatar
    emaneric
    Member
    #381761

    Re: Exchange Recipient Administrator Permissions

    I seemed to have solved this problem by delegating using the “configuresplitperms.ps1” script and not assigning the ERA role at all.

    Thanks to all those who looked, though.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.