Exchange Server 2003 Delegation and Roles

By using the Exchange System Manager, you can delegate permissions. You can use the Exchange Administration Delegation Wizard to delegate permissions through roles. Roles are scenario-based. Therefore, the organization administrator can make a user or group the sub-administrator of the Exchange organization, thus granting limited access to certain objects. Selecting the role in the Exchange delegation wizard sets a number of granular permissions in Active Directory® directory service.

Enterprise administrators may want to have more granular details on the exact changes that the Delegation Wizard makes to Active Directory. This chapter explains those changes.

By using the Exchange Administration Delegation Wizard, permissions are applied at the Microsoft® Exchange container level in the Active Directory configuration naming context and inherited throughout the organization. These permissions do not grant any access to objects stored within the domain naming contexts of the forest (that is, where user, group, and contact objects are stored), allowing for higher levels of security and separation.