Hi everyone, I've searched a lot for an answer in the net and haven't found an answer yet - I'd like to know if there is a way to grant a group permission to only create mailboxes for existing accounts, without giving them a permission to create users in AD. I've already delegated them the "exchange Administrator" permission in ESM. Thanks, Lena.

Hello leonora1, I am assuming that you are using exchange 2003(ESM), Kindly check these two articles. http://support.microsoft.com/kb/883381 http://technet.microsoft.com/en-us/library/bb124053(EXCHG.65).aspx Let us know if you have any more question. Cheers, Gulab | MCITP: Exchange 2010-2007 | Skype: Gulab.Mallah | Blog: www.ExchangeRanger.Blogspot.com

Hey, Thank you! Helped a lot, but I cant find the following attributes in the delegation of control wizard (custom -> user objects -> property specific... ): · autoReplyMessage (ILS Settings) · homeMDB (Exchange Mailbox Store) · legacyExchangeDN · mail (E-Mail Address) · mailNickname (Alias) · msExchHomeServerName (Exchange Home Server) · proxyAddresses (Proxy Addresses) · showInAddressBook · textEncodedORAddress Thanks! Lena.

Can someone please tell me how to grant those permissions? :(

You can't delegate Exchange Attributes. You will have to give the permission of Exchange Admin to that user to whom you want to give. Why are you looking for those attributes in delegates? Gulab | MCITP: Exchange 2010-2007 | Skype: Gulab.Mallah | Blog: www.ExchangeRanger.Blogspot.com

Hi Evan, Thanks for your help. As I wrote earlier, my problem already solved. I used the ESM delegation wizard to grant the Exchange Administrator role, and the dsacls command to grant the relevant AD permissions (as detailed here: http://www.eggheadcafe.com/microsoft/Exchange-Admin/32064372/exchange-mailbox-permissions-and-mailbox-creation.aspx) in order to let them create mailboxes. Thanks again! Have a good day! Lena.

Hi Gulab, I solved it already by dsacls. I wanted to know how I can create a group that can ONLY create mailboxes, without giving them write permissions on user objects.

Hi leonora1, Please refer to these documents, hope can give you some help: Overview of Exchange administrative role permissions in Exchange 2003 http://support.microsoft.com/kb/823018 Understanding Exchange Access Control and Administrative Delegation http://www.msexchange.org/articles/understanding-exchange-access-control-administrative-delegation.html Thanks, Evan Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.