Delegate Mailbox Rights

Guest
Archived from groups: microsoft.public.win2000.active_directory

How can I delegate the permission to field administrators to be able to modify
users' mailbox rights (in the Exchange Advanced tab - Mailbox Rights of a
user's properties window)? I gave the field administrators read/write
permissions of "msExchMailboxSecurityDescriptor" (ACL) in addition to the
Exchange Admin view only on the users (via OU), but it still does not work.
The field administrators still cannot modify the users' mailbox rights. Any
help will be very much appreciated.

SMO
 
Guest

You will need to go into the Exchange permissions for the given account and give
them change permissions.

Exchange permissions are a very hokey 2 part thing and need to be done through
cdoexm. Modifying the msExchMailboxSecurityDescriptor is not the supported way
to make changes.

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


 
Guest

Joe, Thanks for the reply. Can you elaborate on how I can give the change
permissions on the "Exchange permissions" for the given account? I'm not
using a script in trying to do this, just a regular ADUC or ESM GUI.

SMO
 
Guest

Clarification: The given accounts that I need to delegate to field
administrators are a bunch of users (more than 1000 users) in separate OUs.

SMO
 
Guest

Pull up the mailbox-enabled user account in ADUC on a machine that has had the
Exchange tools loaded.

Click on Exchange Advanced

Click on Mailbox Rights

Now do what looks like a normal ACL edit, add the accounts and permissions you
want to add.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


 
Guest

I did that and it works. However, how do we do this on a bunch of users
without assigning the permissions one user at a time? I.e., is there a
non-scripting way to do it per OU (so all users under the OU are delegated)?

Thanks again
SMO
 
Guest

Nope, you can't delegate that on an OU basis; it has to be done user by user or
via the Exchange org pieces such as everyone in a database, everyone in a
storage group, everyone on a server, everyone in an admin group, everyone in the
org, etc.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

