Restrict Exchange admin access in Exchange 2007
Is there a way to restrict exchange admin access to only one mailbox server in Exchange 2007? For instance, in exchange 2003, security was granular enough that you could give an exchange admin only access to modify and create users on their own server and/or database. If that user tried to create/modify users in another database or server, then they were denied access. Can this be done in Exchange 2007 and if so where is the security set to accomplish this?
January 24th, 2011 6:46pm

You can definitely do this for single server (default) or an array of servers per this link, http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/exchange-2007-permissions-and-roles-part2.htmlMVP Exchange Server
Free Windows Admin Tool Kit Click here and download it now
January 24th, 2011 6:59pm

You can definitely do this for single server (default) or an array of servers per this link, http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/exchange-2007-permissions-and-roles-part2.html MVP Exchange Server So if I give a user Exchange Server Administrator rights over one Exchange server, will it let them create/modify users that reside on databases on that server? It looks like from the definition that the "Exchange Server Administrator" only has Exchange view-only admin and local admin rights. As an example, lets say there are two sites, west coast and east coast. I would want the admins on the east coast to only be able to modify/create/delete users that reside on the databases on the east coast server and vice versa for the west coast. There would then be an organizational admin that could admin both sites. Is this possible with the Exchange Server Administrator right? Maybe I'm making it harder than it really is :) I guess it all boils down to: Can view-only admins create/modify/delete users?
January 24th, 2011 7:26pm

Per your requirements, I would recommend Both East Coast and West Coast admins would require Exchange Server Administrator role per their respective server, and the Admin who manages both sites would require either Exchange Organization Administrator or Exchange Server Administrator for East and West Coast Servers, depending on whether he/she needs access to changing Global Config options. MVP Exchange Server
Free Windows Admin Tool Kit Click here and download it now
January 24th, 2011 7:44pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics