Chapter 1
Designing and Planning Messaging Services
Using the first or last option, you don’t need much extra configuration in Exchange
Server 2007. However, splitting permissions is a more complex story. After offering some
background in the following sections, I will explore this topic in detail under the heading
“The Split-Permissions Model.”
Exchange 2003 was based on an administrative role model of two layers: organization–
and administrative group–based. This model has proven to be insufficiently flexible, especially
for medium-to-large organizations. Thus, Exchange Server 2007 uses a more granular
administrative roles model similar to the built-in Windows Server security groups.
Administrative Roles
Exchange Server 2007 uses the following predefined roles to manage permissions:
Exchange Organization Administrators
Exchange Recipient Administrators
Exchange View-Only Administrators
Exchange Server Administrators
All roles except Exchange Server Administrators provide you with permissions to any
domain that was prepared for Exchange (i.e., Setup /PrepareDomain). You cannot change
their scope.
To assign a role to a group or account, you can either use the Exchange Management
Console (EMC) and configure it in the Organization Configuration pane, or use the
Add-ExchangeAdministrator command in the Exchange Management Shell (EMS). Figure 1.1
shows the Exchange Management Console where you can view and modify all
administrative roles.
FIGURE 1.1 Exchange administrative roles in the Exchange Management Console
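The same assignments can be made and reviewed from the EMS. The following is an added example, not taken from the book; the group names under CONTOSO and the server name EXCH01 are hypothetical, and it assumes the groups already exist in Active Directory.

```powershell
# Run in the Exchange Management Shell of an Exchange Server 2007 organization.
# All CONTOSO\... groups and the server EXCH01 are hypothetical placeholders.

# Help desk: recipient management only. This role applies to every domain
# prepared for Exchange, so no -Scope is given.
Add-ExchangeAdministrator -Identity 'CONTOSO\Exchange Helpdesk' -Role RecipientAdmin

# Branch operations: Exchange Server Administrators is the one role whose
# scope can be narrowed, here to a single server.
Add-ExchangeAdministrator -Identity 'CONTOSO\Branch Server Ops' -Role ServerAdmin -Scope 'EXCH01'

# Auditors: read-only view of the Exchange configuration.
Add-ExchangeAdministrator -Identity 'CONTOSO\Messaging Auditors' -Role ViewOnlyAdmin

# Review every current assignment, grouped by role.
Get-ExchangeAdministrator |
    Sort-Object Role |
    Format-Table Identity, Role, Scope -AutoSize

# List the holders of the broadest role so the membership can be kept small.
Get-ExchangeAdministrator |
    Where-Object { $_.Role -eq 'OrgAdmin' } |
    Select-Object Identity, Scope
```

Assigning roles to groups rather than individual accounts keeps the output of the review step short and lets membership changes be handled in Active Directory.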