Exchange - 2010 (Very Poorly Structured in terms of Administrative Access)
I am a newly Appointed Administrator (Never had experience with RBAC)
There is a Helpdesk team, and I want them to have the following permissions on the Exchange Org.:
Active Directory Permissions
Distribution Groups
Mail Recipient Creation
Mail Recipients
Mailbox Search
Message Tracking
Monitoring
Organization Client Access
POP3 And IMAP4 Protocols
Transport Hygiene
Transport Queues
User Options
View-Only Configuration
View-Only Recipients
Here is what I did:
1) I Created A User "TESTADMIN"
2) I created A Group (Helpdesk) using RBAC Tool in EMC
3) Added Permissions I want to give Users in this Group
4) Added Users who will be Members of this Group (TESTADMIN for now)
And I Started Patting my Shoulder (Thinking I did something Great), But NO ! ! !
1) Firstly, with this TESTADMIN User I am not able to Access Exchange Servers at all (TESTADMIN is very well added in "Remote Desktop Users" group in AD). It says "Connection was denied because The User Account is not Authorized for Remote Login"
2) "Remote Desktop Users" is very well added in "Allow Logon through Remote Desktop Services" in Local Security Policy of Exchange Server
3) If I add User TESTADMIN in "Allow Logon Locally" in Local Security Policy of Exchange Server, I am able to secure the Remote desktop Connection but it refuses to Login & gives "Unable to login due to permissions error"
4) I tried logging in to Domain Controller using this TESTADMIN & I was able to (Only after adding TESTADMIN in "Allow Logon through Remote Desktop Services" in Local Security Policy of Domain Controller), but I am not able to open ADUC, though I delegated Control of One OU to this User
WOW . . . I am really typing Too much :O :O :O
Conclusion, Shall we ;) ???
I want Helpdesk to have LIMITED Access to DC & also to Exchange (PLEASE HELP :D)
Thanks in Advance ! ! !
Mohammed Bin Ahmed - Data Center Engineer
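
The role group setup described in steps 1) to 4) of the post, written for the Exchange Management Shell with a check of what the member effectively receives. This is an added example, not part of the original post; it assumes it is run by a member of Organization Management, that the group is named Helpdesk and the account TESTADMIN as in the post, and that the account's name and display name are both TESTADMIN.

```powershell
# Added example (not from the original post). Run in the Exchange 2010 Management Shell.
# Assumptions: group 'Helpdesk' and user 'TESTADMIN' are the names used in the post.
$groupName = 'Helpdesk'
$member    = 'TESTADMIN'
$roles = @(
    'Active Directory Permissions', 'Distribution Groups', 'Mail Recipient Creation',
    'Mail Recipients', 'Mailbox Search', 'Message Tracking', 'Monitoring',
    'Organization Client Access', 'POP3 And IMAP4 Protocols', 'Transport Hygiene',
    'Transport Queues', 'User Options', 'View-Only Configuration', 'View-Only Recipients'
)

# 1. Confirm every requested role exists in this organization before assigning it.
$existing = Get-ManagementRole | ForEach-Object { $_.Name }
$missing  = $roles | Where-Object { $existing -notcontains $_ }
if ($missing) { throw "Unknown management roles: $($missing -join ', ')" }

# 2. Create the role group with its roles and first member,
#    or only add the member when the group already exists.
$group = Get-RoleGroup | Where-Object { $_.Name -eq $groupName }
if (-not $group) {
    New-RoleGroup -Name $groupName -Roles $roles -Members $member `
        -Description 'Limited helpdesk administration'
}
elseif (-not (Get-RoleGroupMember -Identity $groupName |
              Where-Object { $_.Name -eq $member })) {
    Add-RoleGroupMember -Identity $groupName -Member $member
}

# 3. Report any role from the list that is still not assigned to the group.
$unassigned = $roles | Where-Object {
    -not (Get-ManagementRoleAssignment -Role $_ -RoleAssignee $groupName)
}
if ($unassigned) {
    Write-Warning "Not assigned to ${groupName}: $($unassigned -join ', ')"
}

# 4. Show the scopes of each assignment on the group.
Get-ManagementRoleAssignment -RoleAssignee $groupName |
    Format-Table Role, RecipientWriteScope, ConfigWriteScope -AutoSize

# 5. Show every role the account effectively holds, through this group or any other,
#    so extra access granted elsewhere is visible.
Get-ManagementRoleAssignment -GetEffectiveUsers |
    Where-Object { $_.EffectiveUserName -eq $member } |
    Sort-Object Role |
    Format-Table Role, RoleAssigneeName, AssignmentMethod -AutoSize
```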