RE: Delegating Admin Duties
Sorry, 5.5 sp4. -Original Message- From: Matt Monteleone-Haught [mailto:[EMAIL PROTECTED]] Sent: 23 April 2002 11:47 To: Exchange Discussions Subject: Re: Delegating Admin Duties What version of Exchange? - Original Message - From: Atkinson, Daniel [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Tuesday, April 23, 2002 6:25 AM Subject: Delegating Admin Duties Hi guys, We have a few sites around the country but they all access a central exchange server here at head office. I'm thinking about delegating admin duties (i.e. creating new mailboxes) to the technical guys at each site. Is there any best practice here? I know I could create separate recipients containers and assign appropriate permissions, but that would mess up the GAL. I heard that's not good practice anyway? I suppose I could give them permissions on the whole recipients container, but then they might mess up mailboxes that aren't for users on their site. Any thoughts? Cheers Dan. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Re: Delegating Admin Duties
Daniel, You might be able to set some granularity by using custom roles and making sure you only give the rights that are necessary. You might want to try Q261092 and Q168753 for a good jumping off point. I believe the answer will vary depending on what exactly you want the 'remote' admins to do. -- Matthew Exchange Disaster Recovery, Live it, Learn It, Love It, Get yours today! http://www.microsoft.com/TechNet/exchange/technote/edrv3p1.asp Besides the technical limitations on the PST (remember the P stands for Personal, that means you're responsible not the mail admin)... Jim Schwartz 8-16-01 - Original Message - From: Atkinson, Daniel [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Tuesday, April 23, 2002 6:44 AM Subject: RE: Delegating Admin Duties Sorry, 5.5 sp4. -Original Message- From: Matt Monteleone-Haught [mailto:[EMAIL PROTECTED]] Sent: 23 April 2002 11:47 To: Exchange Discussions Subject: Re: Delegating Admin Duties What version of Exchange? - Original Message - From: Atkinson, Daniel [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Tuesday, April 23, 2002 6:25 AM Subject: Delegating Admin Duties Hi guys, We have a few sites around the country but they all access a central exchange server here at head office. I'm thinking about delegating admin duties (i.e. creating new mailboxes) to the technical guys at each site. Is there any best practice here? I know I could create separate recipients containers and assign appropriate permissions, but that would mess up the GAL. I heard that's not good practice anyway? I suppose I could give them permissions on the whole recipients container, but then they might mess up mailboxes that aren't for users on their site. Any thoughts? Cheers Dan. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Delegating Admin Duties
Thanks matt, I'm thinking I might give the remote admins just the 'add child' right so they can create new accounts but not mess up existing ones. Dan. -Original Message- From: Matt Monteleone-Haught [mailto:[EMAIL PROTECTED]] Sent: 23 April 2002 12:11 To: Exchange Discussions Subject: Re: Delegating Admin Duties Daniel, You might be able to set some granularity by using custom roles and making sure you only give the rights that are necessary. You might want to try Q261092 and Q168753 for a good jumping off point. I believe the answer will vary depending on what exactly you want the 'remote' admins to do. -- Matthew Exchange Disaster Recovery, Live it, Learn It, Love It, Get yours today! http://www.microsoft.com/TechNet/exchange/technote/edrv3p1.asp Besides the technical limitations on the PST (remember the P stands for Personal, that means you're responsible not the mail admin)... Jim Schwartz 8-16-01 - Original Message - From: Atkinson, Daniel [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Tuesday, April 23, 2002 6:44 AM Subject: RE: Delegating Admin Duties Sorry, 5.5 sp4. -Original Message- From: Matt Monteleone-Haught [mailto:[EMAIL PROTECTED]] Sent: 23 April 2002 11:47 To: Exchange Discussions Subject: Re: Delegating Admin Duties What version of Exchange? - Original Message - From: Atkinson, Daniel [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Tuesday, April 23, 2002 6:25 AM Subject: Delegating Admin Duties Hi guys, We have a few sites around the country but they all access a central exchange server here at head office. I'm thinking about delegating admin duties (i.e. creating new mailboxes) to the technical guys at each site. Is there any best practice here? I know I could create separate recipients containers and assign appropriate permissions, but that would mess up the GAL. I heard that's not good practice anyway? I suppose I could give them permissions on the whole recipients container, but then they might mess up mailboxes that aren't for users on their site. Any thoughts? Cheers Dan. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Re: Delegating Admin Duties
If all you want them to do is create new mailboxes. That should do the trick. Just make sure you don't give them Modify Permissions attributes. Also make sure you are only giving this right on the recipients container. To make this a little easier, create a domain global group for the remote admins. Add only that group and assign permissions to it. That way when you get a new 'remote' admin or one leaves you don't have to go dink around in Exchange to modify permissions. Just modify the group. They do have rights to create new NT accounts, right? -- Matthew Exchange Disaster Recovery, Live it, Learn It, Love It, Get yours today! http://www.microsoft.com/TechNet/exchange/technote/edrv3p1.asp Besides the technical limitations on the PST (remember the P stands for Personal, that means you're responsible not the mail admin)... Jim Schwartz 8-16-01 - Original Message - From: Atkinson, Daniel [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Tuesday, April 23, 2002 7:16 AM Subject: RE: Delegating Admin Duties Thanks matt, I'm thinking I might give the remote admins just the 'add child' right so they can create new accounts but not mess up existing ones. Dan. -Original Message- From: Matt Monteleone-Haught [mailto:[EMAIL PROTECTED]] Sent: 23 April 2002 12:11 To: Exchange Discussions Subject: Re: Delegating Admin Duties Daniel, You might be able to set some granularity by using custom roles and making sure you only give the rights that are necessary. You might want to try Q261092 and Q168753 for a good jumping off point. I believe the answer will vary depending on what exactly you want the 'remote' admins to do. -- Matthew Exchange Disaster Recovery, Live it, Learn It, Love It, Get yours today! http://www.microsoft.com/TechNet/exchange/technote/edrv3p1.asp Besides the technical limitations on the PST (remember the P stands for Personal, that means you're responsible not the mail admin)... Jim Schwartz 8-16-01 - Original Message - From: Atkinson, Daniel [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Tuesday, April 23, 2002 6:44 AM Subject: RE: Delegating Admin Duties Sorry, 5.5 sp4. -Original Message- From: Matt Monteleone-Haught [mailto:[EMAIL PROTECTED]] Sent: 23 April 2002 11:47 To: Exchange Discussions Subject: Re: Delegating Admin Duties What version of Exchange? - Original Message - From: Atkinson, Daniel [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Tuesday, April 23, 2002 6:25 AM Subject: Delegating Admin Duties Hi guys, We have a few sites around the country but they all access a central exchange server here at head office. I'm thinking about delegating admin duties (i.e. creating new mailboxes) to the technical guys at each site. Is there any best practice here? I know I could create separate recipients containers and assign appropriate permissions, but that would mess up the GAL. I heard that's not good practice anyway? I suppose I could give them permissions on the whole recipients container, but then they might mess up mailboxes that aren't for users on their site. Any thoughts? Cheers Dan. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com
RE: Delegating Admin Duties
Yep, works a treat. I've tested on a PC here - can run exchange admin, add accounts but not modify or delete existing ones. Yes, they will create accounts in their own NT domains (each site has a domain and trusts are in place) and assign those to the mailboxes. Since each admin is in a separate domain I can't put them in a group, but it's a nice idea! Dan. -Original Message- From: Matt Monteleone-Haught [mailto:[EMAIL PROTECTED]] Sent: 23 April 2002 12:38 To: Exchange Discussions Subject: Re: Delegating Admin Duties If all you want them to do is create new mailboxes. That should do the trick. Just make sure you don't give them Modify Permissions attributes. Also make sure you are only giving this right on the recipients container. To make this a little easier, create a domain global group for the remote admins. Add only that group and assign permissions to it. That way when you get a new 'remote' admin or one leaves you don't have to go dink around in Exchange to modify permissions. Just modify the group. They do have rights to create new NT accounts, right? -- Matthew Exchange Disaster Recovery, Live it, Learn It, Love It, Get yours today! http://www.microsoft.com/TechNet/exchange/technote/edrv3p1.asp Besides the technical limitations on the PST (remember the P stands for Personal, that means you're responsible not the mail admin)... Jim Schwartz 8-16-01 - Original Message - From: Atkinson, Daniel [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Tuesday, April 23, 2002 7:16 AM Subject: RE: Delegating Admin Duties Thanks matt, I'm thinking I might give the remote admins just the 'add child' right so they can create new accounts but not mess up existing ones. Dan. -Original Message- From: Matt Monteleone-Haught [mailto:[EMAIL PROTECTED]] Sent: 23 April 2002 12:11 To: Exchange Discussions Subject: Re: Delegating Admin Duties Daniel, You might be able to set some granularity by using custom roles and making sure you only give the rights that are necessary. You might want to try Q261092 and Q168753 for a good jumping off point. I believe the answer will vary depending on what exactly you want the 'remote' admins to do. -- Matthew Exchange Disaster Recovery, Live it, Learn It, Love It, Get yours today! http://www.microsoft.com/TechNet/exchange/technote/edrv3p1.asp Besides the technical limitations on the PST (remember the P stands for Personal, that means you're responsible not the mail admin)... Jim Schwartz 8-16-01 - Original Message - From: Atkinson, Daniel [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Tuesday, April 23, 2002 6:44 AM Subject: RE: Delegating Admin Duties Sorry, 5.5 sp4. -Original Message- From: Matt Monteleone-Haught [mailto:[EMAIL PROTECTED]] Sent: 23 April 2002 11:47 To: Exchange Discussions Subject: Re: Delegating Admin Duties What version of Exchange? - Original Message - From: Atkinson, Daniel [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Tuesday, April 23, 2002 6:25 AM Subject: Delegating Admin Duties Hi guys, We have a few sites around the country but they all access a central exchange server here at head office. I'm thinking about delegating admin duties (i.e. creating new mailboxes) to the technical guys at each site. Is there any best practice here? I know I could create separate recipients containers and assign appropriate permissions, but that would mess up the GAL. I heard that's not good practice anyway? I suppose I could give them permissions on the whole recipients container, but then they might mess up mailboxes that aren't for users on their site. Any thoughts? Cheers Dan. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto