Permissions on Other Objects in the Configuration Naming Context

 

Deleted Items Container

cn=Deleted Items,cn=Configuration,dc=<domain>

Account A D I Right On Property/Applies To Comments

During ForestPrep phase

Designated admin account

X

X

Read Permissions List Contents Read All Properties Modify Permissions ACTRL_DS_LIST_OBJECT

Not applicable

Exchange Administrators must be able to add other admins or servers to the ACL of the Deleted Items container.

During server install

Exchange Domain Servers

X

X

List Contents

Not applicable

The DS-to-MB service must be able to determine if DS objects have been deleted.

Active Directory Connector Object

cn=Active Directory Connector,cn=Exchange Settings,cn=<server>,cn=Servers,cn=<site>,cn=Sites,cn=Configuration...

Account A D I Right On Property/Applies To Comments

During ADC setup

Exchange Services

X

X

Full Control

Not applicable

ADC must be able to alter its own configuration information.

Authenticated Users

X

X

List Contents Read All Properties Read Permissions

Not applicable

None