I have a user that I want to grant the ability to add/modify/delete external mail contacts (and DG membership). So far, I was able to copy the Recipient Management group and reduce it to the Distribution Groups, Mail Recipient Creation, and Mail Recipients permissions. This accomplished the desired effect, except... this means the user has access to ALL of my contact properties. I want to restrict her ability to do this to a specific OU, so I changed the write scope to that OU. Again, it worked as desired, except... she can no longer create new contacts since the domain.com/Users OU is no longer part of that write scope. Can I correct this behavior so that creating new contacts will automatically store them in the appropriate OU?

How is she creating the new contacts? If via ECP, then she is stuck as it only creates objects in the default users container. Otherwise, use ADUC or Powershell/EMC

Sorry, I should have provided a few more details... she is doing this through OWA/ECP on Exchange 2010 SP1, and it's a requirement that I keep it this way. We are a hospital, and security policy prevents me from granting her direct access to the server. I guess I'm hoping there's a parameter I can set on the specific role via management shell that will establish the write-to scope.

Not possible at this point. Please see for more info: http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/ec5b8e66-a5be-4e7a-8392-fc16af04c20d

I had a feeling that would be the case from what I was seeing available as options. Too bad; hopefully the Exchange team will change that in SP2. At least in the current setup, they can work, I just have to have the let me know when they add new ones so I can move it to the appropriate OU. It still makes their life easier and mine too.