Exchange Administrator RolesIt is possible to have more than one Exchange administrator in your Exchange 2007 organization. To better facilitate the implementation of multiple administrators, Exchange 2007 provides predefined administrator roles that minimize manual permission configuration. The following table describes the predefined roles offered in Exchange 2007 to manage configuration data:
Role
Description
Exchange Organization Administrator
Users who are an Exchange Organization Administrators have the highest level of permissions within the Exchange organization, having full access to modify all Exchange properties and objects in the Exchange organization, including:
Full control as owner over the Exchange organization data in the configuration container in Active Directory and the local Exchange server Administrator group.
Full control as owner over the local Exchange server configuration data.
Read access to all Active Directory domain users.
Write access to all Exchange-specific attributes in all Active Directory domain user containers.
You must be assigned as the Exchange Organization Administrator role to perform any task that will affect the entire organization, including:
Creating the Exchange organization and installing the first Exchange server
Changing any global configuration settings
Deleting connectors
Changing server policies
You should know the following about the Exchange Organization Administrators role:
Setup will add the Exchange Organization Administrators role as a member of the local Administrators group on the computer on which you are installing Exchange.
If you install Exchange 2007 on a domain controller, the users in the Exchange Organization Administrators role will have additional Windows permissions that they do not have if you install Exchange 2007 on a computer that is not a domain controller.
Exchange View-Only Administrator
Users who are an Exchange View-Only Administrator have read-only access to:
The whole Exchange organization tree in the Active Directory configuration container.
All the Windows domain containers that have Exchange recipients.
Exchange Recipient Administrator
Users who are an Exchange Recipient Administrator can perform the following functions:
Modify any Exchange property on an Active Directory object, including:
Users
Contacts
Groups
Dynamic distribution lists
Public folder objects
Manage Unified Messaging mailbox settings and Client Access mailbox settings.
Additionally, Exchange Recipient Administrator role gives the following permissions:
Membership in the Exchange View-Only Administrator role.
Read access to all the Active Directory Domain User containers that have been prepared for Exchange 2007.
Write access to all the Exchange specific attributes on the Domain User containers in Active Directory domains that have been prepared for Exchange 2007.
Exchange Server Administrator
Users who are an Exchange Server Administrator have permissions to server Exchange configuration data stored on the local server and in Active Directory. Members have the following permissions:
Members of the Exchange View-Only Administrators role.
Full control as owner over the local server configuration data.
Local administrator on the computer on which Exchange is installed.
When you assign this role, you designate the Exchange server(s) that the administrator is allowed to manage.
Exchange Public Folder Administrator
Users who are an Exchange Public Folder Administrator have administrative permissions to perform the following tasks related to public folders:
Create and delete public folders
Mail-enable public folders
Manage public folder settings, such as:
Replicas
Quotas
Age limits
Administrative permissions
Client permissions
Note: Users who are an Exchange Public Folder Administrator cannot modify mail recipient-related properties on public folders, such as proxy addresses.
These Exchange Administrator roles (with exception of Exchange Server Administrators) are created in a new Microsoft Exchange security group Organizational Unit (OU).
0 komentar:
Post a Comment