Permissions listed in this section are set on objects in various locations, as indicated in the title of each table.
Account | Allow/ Deny | Inherit | Right | Notes |
---|---|---|---|---|
During forestprep | ||||
Designated admin account | Allow | Yes | Read PermissionsList ContentsRead All PropertiesModify PermissionsACTRL_DS_LIST_OBJECT | Exchange administrators must be able to add other administrators or servers to the ACL of the Deleted Items container |
During server installation | ||||
Exchange Domain Servers | Allow | Yes | List Contents | The ds2mib service must be able to tell when a directory object has been deleted, so it needs to scan the dumpster |
Account | Allow/ Deny | Inherit | Right | Notes |
---|---|---|---|---|
During ADC setup | ||||
Exchange services | Allow | Yes | Full Control | The ADC must be able to alter its own configuration |
Authenticated Users | Allow | Yes | List ContentsRead All PropertiesRead Permissions |