Hi guys, We already have trasitioned to Exchange 2007 SP3, but we need to assign certain permissions for our Service Desk area. The main tasks they actually do are: 1. Create, modify and delete recipients (distribution lists, user accounts, mailboxes, mail contacts) 2. Set send as and full access permssions to mailboxes 3. Move user accounts between parent and child domains and move mailboxes between databases and servers. I checked the Exchange Recipient Administrators rol in order to apply it to Service Desk team, but this rol or security group allows to read Server Configuration and Organization Configuration nodes and doesn´t allow move mailboxes. I already check the following links and other social.technet.microsoft.com forums but these doesn´t specify what permissions allow and deny. I tried to create a new security group and assign certains permissions by ADSIEDIT in several attributes sets unsuccesfully. Is there any links specifying what attributes to allow in order to execute the tasks mentioned above and deny to read Server Configuration and Organization Configuration nodes? Thanks in advanced. http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/exchange-2007-permissions-and-roles-part1.html http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/exchange-2007-permissions-and-roles-part2.html http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/creating-custom-exchange-2007-management-consoles.html http://technet.microsoft.com/en-us/library/bb232100(EXCHG.80).aspx http://technet.microsoft.com/en-us/library/aa996881(EXCHG.80).aspx

Hi guys, I only want to know the cause nobody responds my issue, was there something wrong with my request? I only want retro for future posts. thanks

Hi, I did investigated your question before and from what I found out it's messy and not worth the time because when you go into ADSIEdit to set the settings, you will forget the permission settings down the track. In order to allow delete, take full permission access etc you will need to give the help desk Exchange Organisation Administrator group. The fix is with RBAC in Exchange 2010 but I'm sure that people in the big organisation has a workaround for this.