RE: Granting rights to services on a DC, etc.

Fri, 21 Mar 2008 11:43:43 -0700 

When we were setting  up delegations my boss and I called that the
Excedrin Headache whitepaper :-)

-----Original Message-----
From: Michael B. Smith [mailto:[EMAIL PROTECTED] 
Sent: Friday, March 21, 2008 11:24 AM
To: NT System Admin Issues
Subject: RE: Granting rights to services on a DC, etc.

He can't modify the active directory attributes on an object that he
doesn't have write access to. :-)

Yes! That is the paper.

Regards,

Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com


-----Original Message-----
From: Kurt Buff [mailto:[EMAIL PROTECTED]
Sent: Friday, March 21, 2008 2:16 PM
To: NT System Admin Issues
Subject: Re: Granting rights to services on a DC, etc.

On Fri, Mar 21, 2008 at 10:58 AM, Michael B. Smith
<[EMAIL PROTECTED]> wrote:
> Sorry, it's been a busy couple of weeks.
>
>  If you give him (or preferentially, a group that you create and make 
> him
a
>  member of) FC on the OU where you want him to be able to do these 
> things,
he
>  can make the modifications that he wants, and only affect that OU. 
> There
is
>  a white paper, named something like "Exchange 2003 Active Directory  
> Permissioning Model" that can tell you the PRECISE rights that must be

> granted, if that is of concern.
>
>  Putting the DHCP server service on the Exchange server should be 
> fine, as  long as he is the admin of both; and that server isn't a DC.

> He'll need
to
>  be a local admin on that box, a member of "Exchange Administrators", 
> and
a
>  member of "DHCP Administrators".

This sounds suspiciously like he'll be able to manage
mailboxes/DLs/contacts on other Exchange servers as well - however, I
think I need to read that paper to find out.

All answers don't *have* to come from you, Michael, but I do appreciate
what you add to the list.

Is this what you're referring to?

"Working with Active Directory Permissions in Microsoft Exchange Server
2003"

http://www.microsoft.com/downloads/details.aspx?familyid=0954b157-5add-4
8b8-
9657-b95ac5bfe0a2&displaylang=en


Thanks!

Kurt

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!    ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!    ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!    ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

Reply via email to