I need to give the help desk permission to edit the permissions on mailboxes, without giving them org admin. For instance, add-mailboxpermission, remove-mailboxpermission. How do I do this?

Exchange Recipient Administrators.Any user configured for this level of access has permissions to modify Exchange information on users, groups, contacts and public folders.Therefore, this role can be used for typical daily tasks such as creating and removing mailboxes and distribution groups.Raj

Thanks! I'll test and follow up.

Related articles for your reference:Permission Considerationshttp://technet.microsoft.com/en-us/library/aa996881.aspxhttp://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/exchange-2007-permissions-and-roles-part1.html

I'll follow up on the articles and post my results fyi.

FYI that group gives them WAY more permissions that you want. There's not really a clean way to do this actually in Exchange 2007. With RBAC it should be fairly easy in 2010.Active Directory, 4th Edition - www.briandesmond.com/ad4/

Hey Brian, hope you're doing well! I used to read your posts to the internal list in 2007/8.All,The references given here, and all the info I can find, say Recipient Admins can modify any Exchange attribute on recipients. But, the permissions on recipient objects are AD permissions and not Exchange attributes. So, Recipient Admins membership doesn't resolve my problem.I've been asked to identify the specific AD permissions needed to manage the permissions on mailboxes. If anyone has a link to this info I would appreciate it, but I have been unable to find it myself. And, I'll investigate 2010.

The issue here is that these are really permissions on the actual mailbox itself, not in AD.You can /try/ delegating msExchMailboxSecurityDescriptor but there are all sorts of wierd things around this and I don't think it is enough.Active Directory, 4th Edition - www.briandesmond.com/ad4/