Microsoft Exchange Server 2007 Administrators Pocket Consultant Second Edition
In Exchange Management Console, you add a new Exchange administrator role to assign administrative permissions for the Exchange organization. The level of permissions you set is determined by the role you assign a particular user or group.
Understanding Administration Roles
Adding Exchange permissions lets you assign any of the following administrative roles to users and groups:
-
Exchange Organization Administrator role Makes the user or group a member of the Exchange Organization Administrators group, which allows users or groups to fully administer the Exchange organization. Grant this role to users who need to manage the configuration of the organization, its servers, and its recipients.
-
Exchange Recipient Administrator role Makes the user or group a member of the Exchange Recipient Administrators group, which allows users or groups to fully administer Exchange recipients but not to manage the configuration of the organization or its servers. Grant this role to users or groups who are responsible for the day-to-day administration of Exchange recipients.
-
Exchange View-Only Administrator role Makes this user or group a member of the Exchange View-Only Administrators group, which grants users or groups read-only access to the Exchange organization and read-only access to Windows domain containers that have Exchange recipients.
-
Exchange Server Administrator role Adds a user or group to the built-in local
Administrators group of an Exchange server. This allows a user to manage the Exchange information store, mail interchange, and mail queues.
To view the currently assigned Exchange permissions for users and groups, you select the Organization Configuration node in the Exchange Management Console, as shown in Figure 10-5, or type get-exchangeadministrator at the Exchange Management Shell prompt.
Adding Exchange Permissions to a User or Group
In Exchange Management Console, you can assign permissions to a user or group for administering the Exchange environment by completing the following steps:
-
Right-click the Organization Configuration node, and then select Add Exchange Administrator. This starts the Add Exchange Administrator Wizard, as shown in Figure 10-6.
-
On the Add Exchange Administrator page, click Browse to display the Select User Or Group dialog box.
-
Select the user or group to which you want to assign permissions, and then click OK.
-
Select the role to add using the options provided. If you are assigning the Exchange Server Administrator role, click Add. Use the Select Exchange Server dialog box to select the Exchange server on which to add permissions, and then click OK.
-
Click Add, and then click Finish.
In Exchange Management Shell, you can assign Exchange permissions using the Add-ExchangeAdministrator cmdlet. Sample 10-1 provides the syntax and usage. You can set the –Role parameter to RecipientAdmin, ServerAdmin, ViewOnlyAdmin, or OrgAdmin.
Sample 10-1: Add-ExchangeAdministrator cmdlet syntax and usage
Syntax for Organization and Recipient Admins Add-ExchangeAdministrator -Identity 'UserOrGroupID' -Role 'Role' Usage Add-ExchangeAdministrator -Identity 'http://cpandl.com/Users/Arlene Huff' - Role 'RecipientAdmin' Syntax for Server Admins Add-ExchangeAdministrator -Identity 'UserOrGroupID' -Role 'ServerAdmin' -Scope 'Server' Usage Add-ExchangeAdministrator -Identity 'http://cpandl.com/Users/William Stanek' -Role 'ServerAdmin' -Scope 'CORPSVR127'
Removing Delegated Exchange Permissions
In Exchange Management Console, you can remove the administrator permissions you have assigned to a user or group by completing the following steps:
-
Select the Organization Configuration node.
-
Right-click the user or group for which you want to remove permissions, and then select Remove.
-
When prompted to confirm, click Yes.
In Exchange Management Shell, you can remove Exchange permissions using the Remove-ExchangeAdministrator cmdlet. Sample 10-2 provides the syntax and usage. You can set the –Role parameter to RecipientAdmin, ServerAdmin, ViewOnlyAdmin, or OrgAdmin.
Sample 10-2: Remove-ExchangeAdministrator cmdlet syntax and usage
Syntax for Organization and Recipient Admins Remove-ExchangeAdministrator -Identity 'UserOrGroupID' -Role 'Role' Usage Remove-ExchangeAdministrator -Identity 'http://cpandl.com/Users/Arlene Huff' - Role 'RecipientAdmin' Syntax for Server Admins Remove-ExchangeAdministrator -Identity 'UserOrGroupID' -Role 'ServerAdmin' -Scope 'Server' Usage Remove-ExchangeAdministrator -Identity 'http://cpandl.com/Users/Arlene Huff' -Role 'ServerAdmin' -Scope 'CORPSVR127'
Категории