>> why can't they create a mailbox for a regular user? Simply, the Account Operator is designed to work as a principal that allows work on accounts as they are BY DEFAULT out of Windows Server.
The real reason is that there is typically, in most medium to large organizations, there is a mail admin team and a server admin team (at least it was VERY much this way with Exch 5.5). Separation of the functions was a goal to carry forward - but it could only be done by Group membership / permissions on attributes. If you take a look at the Advanced Security properties of a user, and drill in to the permissions granted to the AO, you're going to find that the permission for the Exchange functions are not granted. Rick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Thursday, August 11, 2005 10:51 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] account operators thats what i thought but then it would make sense that AO group would be able to set that attrib on a user they have full control over. why can't they create a mailbox for a regular user? thanks as always, rick On 8/11/05, Rick Kingslan <[EMAIL PROTECTED]> wrote: > No, not the store - it's a bit of a misnomer that to create a mailbox you > need to have permissions to the store. > > If you can create the mailbox attributes on the user account, the first time > that a mail message is delivered to the newly mailbox-enabled user, the > actual storage area on the store is created. > > Rick > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern > Sent: Thursday, August 11, 2005 9:57 AM > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] account operators > > I thought AO had complete rights to the user object which would > include exchange attribs. > i guess they still need rights to the store? > is that it? > thanks > > On 8/11/05, Coleman, Hunter <[EMAIL PROTECTED]> wrote: > > I expect they lack Exchange View Only Admin permissions (or higher). > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern > > Sent: Thursday, August 11, 2005 8:27 AM > > To: activedirectory > > Subject: [ActiveDir] account operators > > > > is there any reason an account operator could create a user but not a > > mailbox for that user? > > > > thanks > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
