Alright my GAB (global address book) is way way way out of sync with the corporate phone directory, an seeing how I am now the only person in my department there is no way that I am going to be able to update it. Human Resources on the other hand has some time on their hands and could update it for me. Only trouble with that is that I would need to give them permissions to do so. Rut-row George, sounds scary. Any ideas on how I can do this without risky some HR person?s slippery fingers mis-clicking on an icon and crashing my server or worse yet deleting a mailbox or distribution list. I tried to use Access to edit the GAB but that doesn?t work, as the Access link is only for reading not writing. I don?t have any issues with Installing Exchange Admin on their machine, if I can eliminate the threat of destruction looming in the air.
This conversation is currently closed to new comments.
create an NT global group for the people that will need this access (or use an existing group) and assign permissions to the recipients container (you may also need to assign permissions to the server as well) you can enable the permission views on each object by clicking on tools/options and checking the first two boxes.
you may need to play around with this a little bit, but you can assign modify user attributes (such as the phone number, etc) without assigning them delete capabilities.
*sigh* Wow! Who would have thought it would be that easy. Here is what I did based on your suggestion. (for argument sake lets say that the existing NT group was DOMAIN\HRD)
Gave DOMAIN\HRD "Logon Rights" to the SITE. On "Recipients" container gave DOMAIN\HRD "Modify User Attributes".
Installed Exchange Admin on HR machine locked the machine down to DOMAIN\HRD members only via Local Security policy. Edited view for HR personnel on Exchange admin, in other words removed the left column and toolbar from the window and set the view to Mailboxes only. (of course they can just change it back, but I don?t think that I have a choice)
Outstanding security issues that I will just have to live with unless someone thinks of something better: Members of DOMAIN\HRD are able to view Hidden Recipients on the Server, as well as delete and add distribution lists members, and delete and add e-mail address for users, i.e. aaron@home.net could be deleted and replaced with aaron_w@home.net. =( But I guess I'll have to trust them.
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
Exchange 5.5 (GAB) administration