Archived from groups: microsoft.public.win2000.active_directory (
More info?)
Nope you can't delegate that on an OU basis, it has to be done user by user or
via the exchange org pieces such as everyone in a database, everyone in a
storage group, everyone on a server, everyone in an admin group, everyone in the
org, etc.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
SMO wrote:
> I did that and it works. However, how do we do this on a bunch of users
> without assigning the permissions one user at a time. i.e. Is there a
> non-scripting way to do it per OU (so all users under the OU are delegated)?
>
> Thanks again
> SMO
>
> "Joe Richards [MVP]" wrote:
>
>
>>Pull up the mailbox-enabled user account in ADUC on machine that has had the
>>Exchange tools loaded.
>>
>>Click on Exchange Advanced
>>
>>Click on Mailbox Rights
>>
>>Now do what looks like a normal ACL edit, add the accounts and permissions you
>>want to add.
>>
>> joe
>>
>>--
>>Joe Richards Microsoft MVP Windows Server Directory Services
>>www.joeware.net
>>
>>
>>SMO wrote:
>>
>>>Joe, Thanks for the reply. Can you elaborate on how I can give the change
>>>permissions on the "Exchange permissions" for the given account? I'm not
>>>using a script in trying to do this, just a regular ADUC or ESM GUI.
>>>
>>>SMO
>>>
>>>"Joe Richards [MVP]" wrote:
>>>
>>>
>>>
>>>>You will need to go into the Exchange permissions for the given account and give
>>>>them change permissions.
>>>>
>>>>Exchange permissions are very hokey 2 part thing and need to be done through
>>>>cdoexm. Modifying the msExchMailboxSecurityDescriptor is not the supported way
>>>>to make changes.
>>>>
>>>>--
>>>>Joe Richards Microsoft MVP Windows Server Directory Services
>>>>www.joeware.net
>>>>
>>>>
>>>>SMO wrote:
>>>>
>>>>
>>>>>How can I delegate the permission to field administrators to be able modify
>>>>>users' mailbox rights (in the Exchange Advanced tab - Mailbox Rights of a
>>>>>user's properties windows)? I gave the field administrators read/write
>>>>>permissions of " msExchMailboxSecurityDescriptor" (ACL) in addition to the
>>>>>Exchange Admin view only on the users (via OU), but it still does not work.
>>>>>The field administrators still cannot modify the users' mailbox rights. Any
>>>>>help will be very much appreciated.
>>>>>
>>>>>SMO
>>>>