Manualshelf

Datasheet

ManualsBrandsWiley ManualsSoftware978-0-470-18146-1
11121314151617181920
Evaluating and Recommending Active Directory Configuration
11
During the initial Exchange setup in the root domain (i.e., Setup /PrepareAD)
all groups (except Exchange Server Administrators) are created as a security
group in the Microsoft Exchange Security Groups container. You can see
those using Active Directory Users and Computers.
Exchange Organization Administrators
The Exchange Organization Administrators role is the most powerful role in Exchange Server
2007. As in Exchange Server 2003, you get full access to all Exchange-related servers and
objects in your organization. You need this role for any configuration that impacts all your
Exchange servers, like connectors or global settings.
The following list provides an overview of what permissions you receive when you are part
of this role:
Owner permission to the Exchange organization in the configuration partition of
Active Directory
Read access to all domains that were prepared for Exchange
Write access to all Exchange-specific attributes in all domains that were prepared
for Exchange
Membership in local Administrators group of all Exchange servers in your organization
Because this role automatically gets write permissions on the Exchange-specific
attributes in all domains that where prepared for Exchange, Exchange Organiza-
tion Administrators can assign or remove a mailbox from any user account in the
forest—no need to be a full Domain Admin or an Account Admin!
Exchange Recipient Administrators
The Exchange Recipient Administrators manage mailboxes, contacts, groups, dynamic distri-
bution lists, and public folder objects. They can add or remove SMTP addresses, enable or
disable specific groups for mail, or create a contact. This role also lets you manage Unified
Messaging and Client Access settings on mailboxes. Basically, you can think of the Exchange
Recipient Administrators as the Exchange user management team.
You receive the following permissions when you’re part of this role:
Read access to all domains that have been prepared for Exchange
Write access to all Exchange-specific attributes in all domains that have been prepared
for Exchange
Membership in the Exchange View-Only Administrators group—thus the ability to view
the complete Exchange configuration
81461.book Page 11 Wednesday, December 12, 2007 4:49 PM