Exchange Admin 101: Exchange 2003 and Exchange 2007 admin privileges

Organizations rarely implement a single level of administrative rights anymore because of the potential security problems that this can introduce. In larger organizations, for example, it's common to have several different administrators, each with permissions to manage a specific, contained aspect of the network. In smaller organizations, there often is a primary administrator who oversees a group of junior administrators. This tip explains the available administrative privileges in Exchange Server 2003 and Exchange Server 2007, and the differing levels of control that each admin role allows.

Exchange Server 2003 administrative roles

Exchange Server 2003 has different levels of administrative responsibility, and supports three types of administrative roles: Exchange Full Administrator, Exchange Administrator and Exchange View Only Administrator.

While creating various administrative roles was a step in the right direction, those used in Exchange Server 2003 are somewhat broad in scope. For example, Exchange Server 2003 doesn't allow you to appoint a user as an Exchange Administrator over one server, and not another. If a user is an Exchange Administrator, he has administrative control over the entire Exchange organization.

Exchange Server 2007 administrative roles

Microsoft revised the administrative roles in Exchange Server 2007 to allow organizations to delegate specific management responsibilities to various administrators. There are four different administrative roles in Exchange 2007: Exchange Organization Administrators, Exchange Recipient Administrators, Exchange Server Administrators and Exchange View Only Administrators.

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Microsoft Exchange Server Permissions Exchange users receiving email addressed to legacy users Restrict access to Outlook Web Access via Exchange System Manager Why you should secure Exchange 2007 using administrative policies Editing Exchange Server public folder permissions Can't delete old Microsoft Outlook public folders Why can't I grant users permissions to an Exchange public folder? Exchange public folder calendar can't be opened in Microsoft Outlook Grant or deny permissions to access a user's Exchange 2007 mailbox Set Outlook calendar permissions for group to view private meetings Selectively set email permissions for Exchange groups Microsoft Exchange Server 2007 Using Mobile Device Manager 2008 server roles in Exchange 2007 Relocating Outlook email messages on a hosted Exchange 2007 server New high availability features in Exchange Server 2010 An introduction to the DSAccess service in Exchange Server 2007 Control Outlook 2007 in cached mode settings with group policies Exchange Performance Monitor tracks domain controller communication Meeting Workspaces in Microsoft Office SharePoint Server 2007 Exchange Server 2007 SP2 reinstates built-in backup capabilities Three Performance Monitors counters to use in Exchange Server 2007 Understanding Exchange Server 2007 SP1 mobile security settings Microsoft Exchange Server 2007 Research Microsoft Exchange Server 2003 Should you remove .STM files from Exchange Server 2003? Troubleshoot 'System Attendant' error messages in OWA Configuring the default recipient policy in an Exchange 2003 environment Removing old disclaimers from Exchange Server 2003 ExMerge gotchas to watch for when migrating Exchange 2003 mailboxes Recovering deleted items after an Exchange 2003 migration Linking two Exchange 2003 servers in different forests Microsoft Exchange Server virtualization tutorial Installing Exchange Server 2003 and a domain controller on the same hardware Migrating new users onto Exchange Server 2003 Microsoft Exchange Server 2003 Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary privilege  (SearchExchange.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

When Exchange Server 2007 is installed onto a server, Setup creates a security group named Exchange Server Administrator <servername>. Administrators with the Exchange Server Administrator control are members of this group, and have full control over the server in question. The administrator will have full access to all of the server's configuration data, and can take on the role of a local Windows administrator (not a domain administrator). Exchange Server Administrators also appointed to the role of Exchange View-only Administrators.

While Exchange Server Administrators have total control over a specific server, they cannot manage recipients. This role is used most often to allow an administrator in a branch office to maintain an Exchange Server located within that office.

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Exchange Server, and has previously received Microsoft's MVP award for Windows Server and Internet Information Server (IIS). Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at www.brienposey.com.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.