Ah - so, if he's not a local administrator on a remote Exchange box, or the OU in which the objects reside (mailboxes/accounts/DLs/contacts/etc.) hasn't been delegated to him, he can't do anything with them, besides viewing them like any other random user.
That's nice. I like that. On Fri, Mar 21, 2008 at 11:23 AM, Michael B. Smith <[EMAIL PROTECTED]> wrote: > He can't modify the active directory attributes on an object that he doesn't > have write access to. :-) > > Yes! That is the paper. > > > Regards, > > Michael B. Smith > MCSE/Exchange MVP > http://TheEssentialExchange.com > > > -----Original Message----- > From: Kurt Buff [mailto:[EMAIL PROTECTED] > > Sent: Friday, March 21, 2008 2:16 PM > To: NT System Admin Issues > Subject: Re: Granting rights to services on a DC, etc. > > > > On Fri, Mar 21, 2008 at 10:58 AM, Michael B. Smith > <[EMAIL PROTECTED]> wrote: > > Sorry, it's been a busy couple of weeks. > > > > If you give him (or preferentially, a group that you create and make him > a > > member of) FC on the OU where you want him to be able to do these things, > he > > can make the modifications that he wants, and only affect that OU. There > is > > a white paper, named something like "Exchange 2003 Active Directory > > Permissioning Model" that can tell you the PRECISE rights that must be > > granted, if that is of concern. > > > > Putting the DHCP server service on the Exchange server should be fine, as > > long as he is the admin of both; and that server isn't a DC. He'll need > to > > be a local admin on that box, a member of "Exchange Administrators", and > a > > member of "DHCP Administrators". > > This sounds suspiciously like he'll be able to manage > mailboxes/DLs/contacts on other Exchange servers as well - however, I > think I need to read that paper to find out. > > All answers don't *have* to come from you, Michael, but I do > appreciate what you add to the list. > > Is this what you're referring to? > > "Working with Active Directory Permissions in Microsoft Exchange Server > 2003" > > http://www.microsoft.com/downloads/details.aspx?familyid=0954b157-5add-48b8- > 9657-b95ac5bfe0a2&displaylang=en > > > Thanks! > > Kurt > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
