Yep, works a treat. I've tested on a PC here - can run exchange admin, add accounts but not modify or delete existing ones.
Yes, they will create accounts in their own NT domains (each site has a domain and trusts are in place) and assign those to the mailboxes. Since each admin is in a separate domain I can't put them in a group, but it's a nice idea! Dan. -----Original Message----- From: Matt Monteleone-Haught [mailto:[EMAIL PROTECTED]] Sent: 23 April 2002 12:38 To: Exchange Discussions Subject: Re: Delegating Admin Duties If all you want them to do is create new mailboxes. That should do the trick. Just make sure you don't give them "Modify Permissions attributes". Also make sure you are only giving this right on the recipients container. To make this a little easier, create a domain global group for the remote admins. Add only that group and assign permissions to it. That way when you get a new 'remote' admin or one leaves you don't have to go dink around in Exchange to modify permissions. Just modify the group. They do have rights to create new NT accounts, right? -- Matthew Exchange Disaster Recovery, Live it, Learn It, Love It, Get yours today! http://www.microsoft.com/TechNet/exchange/technote/edrv3p1.asp "Besides the technical limitations on the PST (remember the P stands for Personal, that means you're responsible not the mail admin)..." Jim Schwartz 8-16-01 ----- Original Message ----- From: "Atkinson, Daniel" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Tuesday, April 23, 2002 7:16 AM Subject: RE: Delegating Admin Duties > Thanks matt, > > I'm thinking I might give the remote admins just the 'add child' right so > they can create new accounts but not mess up existing ones. > > Dan. > > -----Original Message----- > From: Matt Monteleone-Haught [mailto:[EMAIL PROTECTED]] > Sent: 23 April 2002 12:11 > To: Exchange Discussions > Subject: Re: Delegating Admin Duties > > Daniel, > You might be able to set some granularity by using custom roles and making > sure you only give the rights that are necessary. You might want to try > Q261092 and Q168753 for a good jumping off point. I believe the answer will > vary depending on what exactly you want the 'remote' admins to do. > > -- > Matthew > Exchange Disaster Recovery, Live it, Learn It, Love It, Get yours today! > http://www.microsoft.com/TechNet/exchange/technote/edrv3p1.asp > > "Besides the technical limitations on the PST (remember the P stands for > Personal, that means you're responsible not the mail admin)..." Jim Schwartz > 8-16-01 > > > ----- Original Message ----- > From: "Atkinson, Daniel" <[EMAIL PROTECTED]> > To: "Exchange Discussions" <[EMAIL PROTECTED]> > Sent: Tuesday, April 23, 2002 6:44 AM > Subject: RE: Delegating Admin Duties > > > > Sorry, 5.5 sp4. > > > > -----Original Message----- > > From: Matt Monteleone-Haught [mailto:[EMAIL PROTECTED]] > > Sent: 23 April 2002 11:47 > > To: Exchange Discussions > > Subject: Re: Delegating Admin Duties > > > > What version of Exchange? > > > > ----- Original Message ----- > > From: "Atkinson, Daniel" <[EMAIL PROTECTED]> > > To: "Exchange Discussions" <[EMAIL PROTECTED]> > > Sent: Tuesday, April 23, 2002 6:25 AM > > Subject: Delegating Admin Duties > > > > > > > Hi guys, > > > > > > We have a few sites around the country but they all access a central > > > exchange server here at head office. I'm thinking about delegating admin > > > duties (i.e. creating new mailboxes) to the technical guys at each site. > > > > > > Is there any best practice here? I know I could create separate > recipients > > > containers and assign appropriate permissions, but that would mess up > the > > > GAL. I heard that's not good practice anyway? > > > > > > I suppose I could give them permissions on the whole recipients > container, > > > but then they might mess up mailboxes that aren't for users on their > site. > > > > > > Any thoughts? > > > > > > Cheers > > > Dan. > > > > > > > > > > > > > > > > > > _________________________________________________________________ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > Exchange List admin: [EMAIL PROTECTED] > > > > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
