Over the years, Microsoft has complicated Exchange administration by adding and removing rights to and from accounts that need to manage the e-mail system. While there were processes in place to add users to roles that allowed them to manage Exchange, differences between systems could still make these far from perfect processes.
Exchange 2007 includes a wizard called the Add Exchange Administrator wizard. The name of this wizard is pretty self-explanatory. I'll go over how to use this wizard and its various options in this tip.
To start the wizard, open the Exchange Management Console and click on Organization Configuration. From the work pane, choose Add Exchange Administrator.
The wizard asks you to choose the user or group to which you would like to apply Exchange administrative rights. Use the browse button to look through Active Directory to locate a user or group. The interesting part comes next. Note that there are four options that you can peruse to decide what the user or group is actually allowed to manage. Here are the options and what they mean:
- Exchange Organization Administrator role: When you assign users or groups to this role, those people are given full access to all Exchange properties and objects in the organization.
- Exchange Recipient Administrator role: This role is somewhat more limiting in that users assigned to this role do not have full admin rights. However, they do have the ability to modify properties and objects associated with Exchange recipients, including users, contacts, groups, dynamic distribution groups, and public folder objects.
- Exchange View-Only Administrator role: Users assigned to this role can view any object in the Exchange organization and also have read-only access to domain containers that house Exchange recipients.
- Exchange Server Administrator role: Add users to this role that you would like to allow to administer a particular Exchange server, including that server's configuration data, including Active Directory-based parameters. Use the Select... option to choose the server (or servers) that should be administered by the user or group.
Click the Add button once you have made your selection.