- #Exchange 2010 server roles update#
- #Exchange 2010 server roles full#
- #Exchange 2010 server roles series#
For example, there may be the scenario where a compliance officer within a company needs to conduct a search across all employees’ mailboxes for legal reasons, or perhaps a member of the Human Resources department needs to update user information in Active Directory that is seen on the properties of users’ mailboxes. Exchange 2010 now supports a model where specialist users can be granted specific Exchange permissions required to perform their duties. The design of Exchange 2010 has needed to take into account the more demanding and granular permissions requirements of organizations. Although it was possible to implement a split permissions model in Exchange 2007 by modifying Access Control Lists (ACLs), this was a complex procedure that could sometimes result in errors and issues that were difficult to troubleshoot. Essentially, the roles in Exchange 2007 still offered too much administrative power to administrators in a decentralized Exchange organization and it was therefore difficult to limit the permissions available to certain administrators. Exchange Server Administrators - Allowed administrators to fully manage a particular Exchange 2007 server as long as they were also a member of the local Administrators group on that serverĪlthough the permissions model in Exchange 2007 was a vast improvement over those models found in earlier versions of Exchange, it still wasn’t able to satisfy a lot of the administrative scenarios found in various organizations.Exchange Public Folder Administrators - Was introduced in Exchange 2007 Service Pack 1 and as its name suggests allowed administrators to manage public folders.Exchange Recipient Administrators - Allowed administrators to modify Exchange settings on users, groups, contacts and public folders.There were effectively three new additions to the Exchange 2007 roles: The Exchange View-Only Administrators role also remained, giving administrators read-only access to the entire Exchange organization.
#Exchange 2010 server roles full#
The Exchange Full Administrator role found in Exchange 2000 and Exchange 2003 became known as the Exchange Organization Administrators role in Exchange 2007 and still gave administrators full access to all Exchange objects in the entire organization. The permissions granularity issue was improved in Exchange 2007. For example, although it was possible to grant permissions at both the organization and administrative group levels, it wasn’t possible to grant rights over specific servers once an administrator had been granted rights at the administrative group level, that administrator had rights against all Exchange servers in that administrative group. Although assigning these roles to administrative users gave those users varying levels of permissions within Exchange, the main issue with this model was that it simply wasn’t granular enough for many organizations. These three roles were the Exchange View-Only Administrator, Exchange Administrator and Exchange Full Administrator roles. This Delegation Wizard allowed the administrator to assign one of three roles to a user that they wished to grant administrative access to. In Exchange 2000 and Exchange 2003, permissions were assigned via the Delegation Wizard that was found in the Exchange System Manager console. Exchange 2010 Role Based Access Control (Part 4).Exchange 2010 Role Based Access Control (Part 3).
#Exchange 2010 server roles series#
If you would like to read the other parts in this article series please go to:
0 kommentar(er)
