In ADUC using the "Delegation Wizard". I have a single OU in my domain with users in it that are administered by a different group. After delegation we noticed that the members of that group had rights to every other mailbox for users also in that OU. They can't access mailboxes outside of their OU, but our intention wasn't to allow them access to email functions, just AD functions.
I have gone back through the OU Delegation wizard and can't see a checkbox related to Exchange capabilities, but perhaps one of the other items grants that capability too broadly. Basically, I want the "OU Admin" to be able to create accounts, change passwords all the domain admin type of stuff, but not be able to read or send as for other accounts. No delegation was performed in Exchange System Manager. Any suggestions? Bob -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Scharff Sent: Tuesday, May 10, 2005 2:05 PM To: Exchange Discussions Subject: RE: Transitive Permissions Redux How were these permissions delegated? > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > User, IS (PHES) Posted At: Tuesday, May 10, 2005 1:03 PM Posted To: > swynk > Conversation: Transitive Permissions Redux > Subject: Transitive Permissions Redux > > > OK, I have isolated the transitive permissions issue and it wasn't > related to the shared mailbox that I thought. It was an OU delegation > issue. I had delegated OU permissions to a group that these same 2 > users were in. > > Now I need to restrict there "Send As" capabilities. I reran the > delegation wizard for the OU, but can't figure out how to delegate the > necessary permissions, but restrict them from opening and "Sending AS" > another user of the OU. > > Basically, after delegating Admin permissions to a specific OU in my > AD Domain, the members of the delegation group can now access Send As > permissions on any other user within that OU. > > Anyone else out there tackled this before? _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
