Grant Rights to Perform Exchange Tasks


Using Security Roles, you can granularly define which Exchange tasks you want to delegate to which users, and specify the scope on which they can perform the delegated tasks. For example, you can allow your Help Desk to only set out of office replies for the users who are members of a specific group.

Permissions granted by Security Roles are effective only within Adaxes.

In this tutorial, you will learn how to add permissions to perform various Exchange tasks to an existing Security Role.


  1. Launch Adaxes Administration Console.
    Expand Adaxes service \ Configuration \ Security Roles and select the Security Role you want to modify.


  2. In the Permissions section located to the right, click Add.

  3. In the list of object types, select:


    • User if you want to delegate permissions on regular user mailboxes or mail-enabled users,
    • Group if you want to delegate permissions on mail-enabled groups,
    • Contact if you want to delegate permissions on mail-enabled contacts.
    • Room Mailbox if you want to delegate permissions on room mailboxes.
    • Equipment Mailbox if you want to delegate permissions on equipment mailboxes.
    • Linked Mailbox if you want to delegate permissions on linked mailboxes.

  4. In the General permissions list:


    • Type Exch in the filter edit box to filter out permissions unrelated to Exchange.
    • Check the permission you need in the Allow column.

    Permissions for Exchange Properties


    • To grant the rights to modify all Exchange properties, select the Write All Properties (Exchange) permission in the Allow column.


    • To grant the rights to modify a specific section of Exchange properties, select it in the Allow column. For example, to allow modification of the Automatic Replies section, select Write Automatic Replies (Exchange).


    • To grant the rights to modify specific Exchange properties, in the Property-specific permissions list, check the desired property in the Allow column.


      The following tables show which AD object property corresponds to which Exchange parameter:

      Parameter Property Name
      Alias Exchange Alias
      Simple display name Simple Display Name
      Hide from address lists ms-Exch-Hide-From-Address-Lists
      Custom Attributes Extension Attribute 1 ... Extension Attribute 15
      Use MAPI rich text format
      (mail-enabled users and contacts)
      ms-Exch-MAPI-Recipient
      Expansion server
      (mail-enabled groups)
      ms-Exch-Expansion-Server-Name
      Send out-of-office message to originator
      (mail-enabled groups)
      ms-Exch-OOF-Reply-To-Originator
      Delivery Reports section
      (mail-enabled groups)
      ms-Exch-OOF-Report-To-Owner,
      ms-Exch-OOF-Report-To-Originator
      Capacity
      (room and equipment mailboxes)
      Capacity
      Address book policy
      (room and equipment mailboxes)
      ms-Exch-Address-Book-Policy-Link
      Parameter Property Name
      Use mailbox database defaults ms-Exch-MDB-Use-Defaults
      Issue warning at ms-Exch-MDB-Storage-Quota
      Prohibit send at ms-Exch-MDB-Over-Quota-Limit
      Prohibit send and receive at ms-Exch-MDB-Over-Hard-Quota-Limit
      Deleted item retention ms-Exch-Deleted-Item-Flags
      Keep deleted items for (number of days) Garbage-Coll-Period
      Parameter Property Name
      Email Addresses Email Proxy Addresses
      Automatically update e-mail addresses based on e-mail address policy MsExchEmailAddressPolicyEnabled
      External E-mail Address
      (contacts)
      ms-Exch-Target-Address
      Parameter Property Name
      Sharing policy ms-Exch-Sharing-Policy-Link
      Role Assignment policy ms-Exch-RBAC-Policy-Link
      Retention policy,
      Managed Folder policy
      ms-Exch-Mailbox-Template-Link
      Address Book policy ms-Exch-Address-Book-Policy-Link
      Parameter Property Name
      Enabled/Disabled MsExchUMEnabled
      Reset PIN MsExchUMResetPinParams
      UM mailbox policy ms-Exch-UM-Template-Link
      Personal operator extension ms-Exch-UM-Operator-Number
      Additional UM extensions MsExchUMExtentions
      Enable for Automatic Speech Recognition MsExchUMAutoSpeechRecognitionEnabled
      Allow UM calls from non-users ms-Exch-UM-List-In-Directory-Search
      Allow users to receive faxes MsExchUMFaxEnabled
      Allow divert calls without caller ID to leave message MsExchUMAnonymousCanLeaveMessages
      Allow users to configure call answering rules MsExchUMCallAnswerRulesEnabled
      Parameter Property Name
      Enabled/Disabled MsExchActiveSyncEnabled
      Mobile device mailbox policy ms-Exch-Mobile-Mailbox-Policy-Link
      Mobile Devices section MsExchMobileDevices
      Parameter Property Name
      Enabled/Disabled MsExchOutlookAppEnabled
      Mobile device mailbox policy ms-Exch-Mobile-Mailbox-Policy-Link
      Mobile Devices section MsExchMobileDevices
      Parameter Property Name
      Enabled/Disabled MsExchOwaEnabled
      Outlook Web App mailbox policy ms-Exch-OWA-Policy
      Parameter Property Name
      Enabled/Disabled MsExchImapEnabled
      Use protocol defaults MsExchImapUseProtocolDefaults
      Message retrieval format MsExchImapMsgRetrievalMimeFormat
      Parameter Property Name
      Enabled/Disabled MsExchPop3Enabled
      Use protocol defaults MsExchPop3UseProtocolDefaults
      Message retrieval format MsExchPop3MsgRetrievalMimeFormat
      Parameter Property Name
      Enabled/Disabled MsExchMapiEnabled
      Parameter Property Name
      Enabled/Disabled MsExchRetentionHoldEnabled
      Start date Retention Hold Start Date
      End date Retention Hold End Date
      Parameter Property Name
      Enabled/Disabled MsExchLitigationHoldEnabled
      Litigation hold duration MsExchLitigationHoldDuration
      Note ms-Exch-Retention-Comment
      URL ms-Exch-Retention-URL
      Parameter Property Name
      Enabled/Disabled MsExchArchiveEnabled
      Archive database ms-Exch-Archive-Name
      Quota value ms-Exch-Archive-Quota
      Issue warning at ms-Exch-Archive-Warn-Quota
      Parameter Property Name
      Forward to Forward To
      Deliver message to both forwarding address and mailbox ms-Exch-Deliver-And-Redirect
      Maximum recipients ms-Exch-Recip-Limit
      Parameter Property Name
      Sending message size ms-Exch-Submission-Cont-Length
      Receiving message size ms-Exch-Deliv-Cont-Length
      Parameter Property Name
      Accept Messages From section ms-Exch-RequireAuthToSendTo (Only senders inside my organization)
      ms-Exch-Auth-Orig (List of senders to accept messages from)
      Reject Messages From section ms-Exch-Unauth-Orig
      Parameter Property Name
      Sending message size ms-Exch-Submission-Cont-Length
      Receiving message size ms-Exch-Deliv-Cont-Length
      Parameter Property Name
      Accept Messages From section ms-Exch-RequireAuthToSendTo (Only senders inside my organization)
      ms-Exch-Auth-Orig (List of senders to accept messages from)
      Reject Messages From section ms-Exch-Unauth-Orig
      Parameter Property Name
      Accept Messages From ms-Exch-RequireAuthToSendTo (Only senders inside my organization)
      ms-Exch-Auth-Orig (List of senders to accept messages from)
      Reject Messages From ms-Exch-Unauth-Orig
      Parameter Property Name
      Messages sent to this group have to be approved by a moderator ms-Exch-Enable-Moderation
      Moderators ms-Exch-Moderated-By-Link
      Senders who don't require message approval ms-Exch-Bypass-Moderation-Link
      Notifications ms-Exch-Moderation-Flags
      Parameter Property Name
      Permissions MsExchMailboxCalendarPermissions
      Parameter Property Name
      MailTip MailTip
      Parameter Property Name
      Send As MsExchSendAs
      Send on Behalf ms-Exch-Public-Delegates
      Full Access (Mailbox Rights) ms-Exch-Mailbox-Security-Descriptor
      Parameter Property Name
      Auto-Reply Configuration MsExchMailboxAutoReplyConfiguration
      Parameter Property Name
      Delegates MsExchResourceDelegates
      Forward meeting requests to delegates MsExchForwardRequestsToDelegates
      Booking Requests section MsExchInPolicyBookFrom,
      MsExchInPolicyBookFromMode,
      MsExchInPolicyRequestFrom,
      MsExchInPolicyRequestFromMode,
      MsExchInPolicyRequestsProcessingMode
      Out-of-Policy Requests section MsExchOutPolicyRequestFrom,
      MsExchOutPolicyRequestFromMode
      Parameter Property Name
      Allow conflicting meeting requests MsExchAllowConflicts
      Allow repeating meetings MsExchAllowRecurringMeetings
      Allow scheduling only during working hours MsExchScheduleOnlyDuringWorkHours
      Always decline if the end date is beyond the maximum booking lead time MsExchEnforceSchedulingHorizon
      Maximum booking lead time MsExchBookingWindowInDays
      Maximum duration MsExchMaximumDurationInMinutes
      Reply text for the meeting organizer MsExchMeetingOrganizerReply
      Send organizer information when a request is declined due to conflicts MsExchSendOrganizerInfoOnRequestDeclined
      Parameter Property Name
      Delete attachments MsExchDeleteAttachments
      Delete comments MsExchDeleteComments
      Delete the subject MsExchDeleteSubject
      Delete non-calendar items MsExchDeleteNonCalendarItems
      Add the organizer's name to the subject MsExchAddOrganizerToSubject
      Remove the private flag on accepted meetings MsExchRemovePrivateProperty
      Mark pending requests as Tentative MsExchTentativePendingApproval

    When done, click OK.

  5. Click Save changes.

Open tutorial filtering

Got questions?
Support Questions & Answers