Permissions listed in this section are applied to objects in the domain naming context.
Account | Allow/Deny | Inherit | Right | Notes |
---|---|---|---|---|
During domainprep | ||||
Exchange Enterprise Servers | Allow | Yes | Write Property | Applied to Public-Information (property set); allows maintenance of mail- enabled user attributes |
Exchange Enterprise Servers | Allow | Yes | Write Property | Applied to Personal-Information (property set) |
Exchange Enterprise Servers | Allow | Yes | Write Property | Applied to groupType property set |
Exchange Enterprise Servers | Allow | Yes | Write Property | Applied to displayName property |
Exchange Enterprise Servers | Allow | Yes | Manage Replication Topology | Allows RUS to track replication changes |
Exchange Enterprise Servers | Allow | Yes | List Contents | Duplicates permissions granted to Pre-Windows 2000 “compatible access group |
Exchange Enterprise Servers | Allow | Yes | Read PermissionsRead All PropertiesList ContentsACTRL_DS_LIST_OBJECT | Applies to user objects |
Exchange Enterprise Servers | Allow | Yes | Read PermissionsRead All PropertiesList ContentsACTRL_DS_LIST_OBJECT | Applies to group objects |
Exchange Enterprise Servers | Allow | Yes | Modify Permissions | Applies to group objects; allows maintenance of ACLs for groups whose membership is hidden |
During domainprep against a Windows Server 2003 schema | ||||
Exchange Enterprise Servers | Allow | Yes | Read PermissionsRead All PropertiesList ContentsACTRL_DS_LIST_OBJECT | Applies to inetOrgPerson objects |
Account | Allow/ Deny | Inherit | Right | Notes |
---|---|---|---|---|
During domainprep | ||||
Exchange Enterprise Servers | Allow | Yes | Full Control | Allows adding, deleting, and modifying proxy objects |
Exchange Domain Servers | Allow | Yes | Full Control | Allows adding, deleting, and modifying proxy objects |
Authenticated Users | Allow | Yes | Read Permissions | Allows access to public folder objects |
Authenticated Users | Allow | Yes | Read Property | Applies to garbageCollPeriod property |
Authenticated Users | Allow | Yes | Read Property | Applies to adminDisplayName property |
Authenticated Users | Allow | Yes | Read Property | Applies to modifyTimeStamp |
During domainprep | ||||
Authenticated Users | Allow | Yes | Read PermissionsRead All PropertiesList ContentsACTRL_DS_LIST_OBJECT | |
During RUS operation | ||||
All delegated Full Administrators at organization and administrative group levels | Allow | Yes | Full Control | |
All delegated Full Administrators at organization and administrative group levels | Allow | Yes | Read PermissionsList ContentsAll Validated WritesRead All PropertiesWrite All PropertiesCreate All Child ObjectsDelete All Child Objects | |
All delegated org-level and admin- group-level View-Only Admins | Allow | Yes | Read PermissionsRead All PropertiesList ContentsACTRL_DS_LIST_ OBJECT |
Account | Allow/Deny | Inherit | Right | Notes |
---|---|---|---|---|
During domainprep | ||||
Exchange Enterprise Servers | Allow | Yes | Write Property | Applies only to member property; RUS needs this to add Exchange Domain Servers to each domain s pre-Windows 2000 group |
Account | Allow/Deny | Inherit | Right | Notes |
---|---|---|---|---|
During domainprep | ||||
All existing organization- level Full Exchange Admins | Allow | Full Control | Administrators must be able to add or remove machine accounts when running Setup | |
Exchange Enterprise Servers | Allow | Full Control | ||
During RUS operation | ||||
All delegated organization-level Exchange Full Admins | Allow | Yes | Full Control |
Account | Allow/Deny | Inherit | Right | Notes |
---|---|---|---|---|
During domainprep | ||||
All existing organization- level Full Exchange Admins | Allow | Full Control | Administrators running Setup must be able to change group membership | |
Exchange Enterprise Servers | Allow | Full Control | ||
During RUS operation | ||||
All delegated organization-level Exchange Full Admins | Allow | Yes | Full Control |