• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

domain admin permissions

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2000] >> Server Security >> domain admin permissions Page: [1]
Login
Message << Older Topic   Newer Topic >>
domain admin permissions - 22.Dec.2003 2:51:00 PM   
worm

 

Posts: 11
Joined: 9.Oct.2003
From: Washinton DC
Status: offline
Hello our network is setup that we are a little bitty OU in a huge forrest.

We are fighting with the forrest owners to gain complete access and control of our own OU.

Our IT manager was told some things, that I would like to confirm.

1. Domain admins in a native mode forrest DO NOT have permission to change/unlock/access mailboxes in the SAME group. Is this true? that seems a little far fetched.

2. As a limitation set my Microsoft, Domain admin cannot access all users mailboxes. HUH? What is the point of being an exchange admin if you can't access all of the mailboxes.

Are these questions true, or are they just trying to pull a Sadam Hussein on us. They already forced us into migrating to exchange 2000, when everything was fine with us staying 5.5 and using the connectors.

Now that we have migrated, we have to ask them to do everything from unlocking admin accounts to creating custom receipients.

Its awful.
Post #: 1
RE: domain admin permissions - 24.Dec.2003 4:18:00 PM   
pjhutch

 

Posts: 3578
Joined: 21.Jul.2001
From: W Yorks, England
Status: offline
>1. Domain admins in a native mode forrest DO NOT have permission to change/unlock/access mailboxes in the SAME group. Is this true? that seems a little far fetched.

You can manage accounts on an entire domain e.g.
new accounts, change passwords, unlock accounts etc (as can Account Operators).

>2. As a limitation set my Microsoft, Domain admin cannot access all users mailboxes. HUH? What is the point of being an exchange admin if you can't access all of the mailboxes.

Its a security feature, all admins are denied access to mailbox contents. You need to specify permissions on the Mailbox Stores to gain access to mailboxes. We've enabled it on our servers to manage other users when needed.

(in reply to worm)
Post #: 2
RE: domain admin permissions - 30.Dec.2003 1:52:00 AM   
atguilmette

 

Posts: 403
Joined: 4.Mar.2003
From: Southfield, MI
Status: offline
A more granular thing to do (than granting Domain Admin privileges to everyone that needs to administer mailboxes) would be to create a group, maybe called "Exchange Admins," and grant that group control over mailboxes through the Exchange System Manager. That way, you can separate domain management tasks from mailbox management tasks.

(in reply to worm)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2000] >> Server Security >> domain admin permissions Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter