On Exch 2003, how do I delegate control to create mailbox rights?

[Andersen @ DK]

Hi

I am trying to limit access for IT supporters, in AD and Exchange.

IT supporters need rights to create mailboxes, but nothing else on Exchange

On Exch 2003, how do I delegate control to create mailbox rights?

[Jamestechman]

Mailbox-Enabling User Objects
To mailbox-enable a user or inetOrgPerson object, the Exchange
administrator must apply the Exchange delegated role, Exchange View-
Only Administrator (or higher), on the target administrative group.
In addition, the Exchange administrator must have Read and Write
access to the following user or inetOrgPerson object attributes:
• adminDisplayName
• autoReplyMessage (ILS Settings)
• displayName (Display Name)
• dLMemDefault
• homeMDB (Exchange Mailbox Store)
• homeMTA
• legacyExchangeDN
• mail (E-Mail Address)
• mailNickname (Alias)
• mAPIRecipient
• mDBUseDefaults
• msExchADCGlobalNames
• msExchControllingZone
• msExchFBURL
• msExchHideFromAddressLists
• msExchHomeServerName (Exchange Home Server)
• msExchMailboxGuid
• msExchMailboxSecurityDescriptor
• msExchPoliciesExcluded
• msExchPoliciesIncluded
• msExchResourceGUID
• msExchUserAccountControl
• proxyAddresses (Proxy Addresses)
• showInAddressBook
• targetAddress
• textEncodedORAddress

Also make sure that the user\group has read access on the store itself
if it doesn't show up when you're creating the mailbox.

Working with Active Directory Permissions in Microsoft Exchange Server
2003
http://www.microsoft.com/downloads/details.aspx?familyid=0954b157-5add-48b8-9657-b95ac5bfe0a2&displaylang=en

James Chong (MVP)
MCITP | EMA; MCSE | M+, S+,
Security+, Project+, ITIL
msexchangetips.blogspot.com

On Aug 19, 6:33 am, Andersen @ DK