Mail Recipients role

Applies to: Exchange Server 2013

The Mail Recipients management role enables administrators to manage existing mailboxes, mail users, and mail contacts in an organization. This role can't create these recipients. Use the Mail Recipient Creation role to create them.

This role type doesn't enable you to manage mail-enabled public folders or distribution groups. Use the following roles to manage these objects:

If your organization has a split permissions model where recipient creation and management are performed by different groups, assign the Mail Recipient Creation role to the group that performs recipient creation and the Mail Recipients role to the group that performs recipient management. For more information, see the following topics:

Additional scope considerations

In addition to recipient scopes, the Connect-Mailbox and Enable-Mailbox cmdlets, which are included with this role, are also scoped using database configuration scopes. Database configuration scopes control which databases the cmdlets can create new mailboxes on. The database where you want to create a mailbox must be within the database scope. This condition applies when you specify a database using the Database parameter on either cmdlet or if you allow automatic mailbox distribution to select the database for you. For more information, see Understanding management role scopes.

Default management role assignments

This role has role assignments to one or more role assignees. The following table indicates whether the role assignment is regular or delegating, and also indicates the management scopes applied to each assignment. The following list describes each column:

  • Regular assignment: Regular role assignments enable the role assignee to access the permissions provided by the management role entries on this role.
  • Delegating assignment: Delegating role assignments give the role assignee the ability to assign this role to role groups, users, or USGs.
  • Recipient read scope: The recipient read scope determines what recipient objects the role assignee is allowed to read from Active Directory.
  • Recipient write scope: The recipient write scope determines what recipient objects the role assignee is allowed to modify in Active Directory.
  • Configuration read scope: The configuration read scope determines what configuration and server objects the role assignee is allowed to read from Active Directory.
  • Configuration write scope: The configuration write scope determines what organizational and server objects the role assignee is allowed to modify in Active Directory.

Default management role assignments for this role

Role group Regular assignment Delegating assignment Recipient read scope Recipient write scope Configuration read scope Configuration write scope
Organization Management X X Organization Organization OrganizationConfig OrganizationConfig
Recipient Management X Organization Organization OrganizationConfig OrganizationConfig