in our Exchange 2003 organization, we have 7 admin groups (AGs) corresponding roughly to # of child domains. When an admin of a domain creates a new user, he is prompted to create a mailbox and is given option to pick from ANY exchange server in the entire Win2K3 forest. We want to limit this option to only their local-to-domain Exchange server.
It seems Microsoft article #883381 talks about this issue but their solution to deny 6 permissions at AG or Server level is a bit odd since that means you have to remove inheritance of view-only permissions from the Exch root for all remote domain admins. Also I remember seeing an Exchange 2K3 setup where this was accomplished without undoing inheritance of permissions. Please straighten me out. Thanks. Jay ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
