|Chapter 3 - Management and Monitoring Tools|
|Monitoring and Managing Microsoft Exchange 2000 Server|
|by Mike Daugherty|
|Digital Press 2001|
The Exchange Administration Delegation wizard is designed to simplify the assignment of Exchange permissions by using Exchange administrator roles (Figure 3.9). A role is simply a collection of rights and privileges that defines a user s or administrators access to objects held within an Active Directory container.
Permissions are granted in System Manager at either the Exchange organizational level or at an administrative group level. The objects that can be managed are determined by where you start the Exchange Administration Delegation wizard. If you select the Exchange organization before starting the wizard, the administrative permissions will be granted to all Exchange objects in the organization. Similarly, if you start the wizard after selecting an administrative group, then the scope of the permissions is limited to the objects in the selected administrative group .
Exchange provides the following set of predefined roles:
Exchange Full Administrator . The Exchange Full Administrator role is designed for those administrators who need full control over the entire Exchange organization. Users who are assigned this role can fully administer all Exchange 2000 system information and can modify permissions.
Exchange Administrator . All permissions needed to manage mailboxes or perform normal day-to-day management are included in the Exchange Administrator role. If you use the predefined roles, the Exchange Administrator role would typically be assigned to administrators and system managers. It includes all of the permissions available with the Exchange Full Administrator role except for the ability to modify permissions.
Exchange View Only Administrator . This role provides view-only access to the selected objects. It can be used in conjunction with other permissions to allow administrators to view organization information for administrative groups that they are not administering.
You can start the Exchange Administration Delegation wizard from within the System Manager console by right-clicking on either the Exchange organization object or an administrative group object and selecting Delegate control.