Permissions on Other Objects in the Configuration Naming Context
Deleted Items Container
cn=Deleted Items,cn=Configuration,dc=<domain>
Account | A | D | I | Right | On Property/Applies To | Comments |
---|---|---|---|---|---|---|
During ForestPrep phase |
||||||
Designated admin account |
X |
X |
Read Permissions List Contents Read All Properties Modify Permissions ACTRL_DS_LIST_OBJECT |
Not applicable |
Exchange Administrators must be able to add other admins or servers to the ACL of the Deleted Items container. |
|
During server install |
||||||
Exchange Domain Servers |
X |
X |
List Contents |
Not applicable |
The DS-to-MB service must be able to determine if DS objects have been deleted. |
Active Directory Connector Object
cn=Active Directory Connector,cn=Exchange Settings,cn=<server>,cn=Servers,cn=<site>,cn=Sites,cn=Configuration...
Account | A | D | I | Right | On Property/Applies To | Comments |
---|---|---|---|---|---|---|
During ADC setup |
||||||
Exchange Services |
X |
X |
Full Control |
Not applicable |
ADC must be able to alter its own configuration information. |
|
Authenticated Users |
X |
X |
List Contents Read All Properties Read Permissions |
Not applicable |
None |