Using Security Roles, you can granularly define which Exchange tasks you want to delegate to which users, and specify the scope on which they can perform the delegated tasks. For example, you can allow your Help Desk to only set out of office replies for the users who are members of a specific group.
In this tutorial, you will learn how to add permissions to perform various Exchange tasks to an existing Security Role.
Launch Adaxes Administration Console.
Expand Adaxes service \ Configuration \ Security Roles and select the Security Role you want to modify.
In the Permissions section located to the right, click Add.
In the list of object types, select:
In the General permissions list:
Check the permission you need in the Allow column.
To grant the rights to modify all Exchange properties, select the Write All Properties (Exchange) permission in the Allow column.
To grant the rights to modify a specific section of Exchange properties, select it in the Allow column. For example, to allow modification of the Automatic Replies section, select Write Automatic Replies (Exchange).
To grant the rights to modify specific Exchange properties, in the Property-specific permissions list, check the desired property in the Allow column.
The following tables show which AD object property corresponds to which Exchange parameter:
Parameter | Property Name |
---|---|
Alias | Exchange Alias |
Simple display name | Simple Display Name |
Hide from address lists | ms-Exch-Hide-From-Address-Lists |
Custom Attributes | Extension Attribute 1 ... Extension Attribute 15 |
Use MAPI rich text format (mail-enabled users and contacts) |
ms-Exch-MAPI-Recipient |
Expansion server (mail-enabled groups) |
ms-Exch-Expansion-Server-Name |
Send out-of-office message to originator (mail-enabled groups) |
ms-Exch-OOF-Reply-To-Originator |
Delivery Reports section (mail-enabled groups) |
ms-Exch-OOF-Report-To-Owner, ms-Exch-OOF-Report-To-Originator |
Capacity (room and equipment mailboxes) |
Capacity |
Address book policy (room and equipment mailboxes) |
ms-Exch-Address-Book-Policy-Link |
Parameter | Property Name |
---|---|
Use mailbox database defaults | ms-Exch-MDB-Use-Defaults |
Issue warning at | ms-Exch-MDB-Storage-Quota |
Prohibit send at | ms-Exch-MDB-Over-Quota-Limit |
Prohibit send and receive at | ms-Exch-MDB-Over-Hard-Quota-Limit |
Deleted item retention | ms-Exch-Deleted-Item-Flags |
Keep deleted items for (number of days) | Garbage-Coll-Period |
Parameter | Property Name |
---|---|
Email Addresses | Email Proxy Addresses |
Automatically update e-mail addresses based on e-mail address policy | MsExchEmailAddressPolicyEnabled |
External E-mail Address (contacts) |
ms-Exch-Target-Address |
Parameter | Property Name |
---|---|
Sharing policy | ms-Exch-Sharing-Policy-Link |
Role Assignment policy | ms-Exch-RBAC-Policy-Link |
Retention policy, Managed Folder policy |
ms-Exch-Mailbox-Template-Link |
Address Book policy | ms-Exch-Address-Book-Policy-Link |
Parameter | Property Name |
---|---|
Enabled/Disabled | MsExchUMEnabled |
Reset PIN | MsExchUMResetPinParams |
UM mailbox policy | ms-Exch-UM-Template-Link |
Personal operator extension | ms-Exch-UM-Operator-Number |
Additional UM extensions | MsExchUMExtentions |
Enable for Automatic Speech Recognition | MsExchUMAutoSpeechRecognitionEnabled |
Allow UM calls from non-users | ms-Exch-UM-List-In-Directory-Search |
Allow users to receive faxes | MsExchUMFaxEnabled |
Allow divert calls without caller ID to leave message | MsExchUMAnonymousCanLeaveMessages |
Allow users to configure call answering rules | MsExchUMCallAnswerRulesEnabled |
Parameter | Property Name |
---|---|
Enabled/Disabled | MsExchActiveSyncEnabled |
Mobile device mailbox policy | ms-Exch-Mobile-Mailbox-Policy-Link |
Mobile Devices section | MsExchMobileDevices |
Parameter | Property Name |
---|---|
Enabled/Disabled | MsExchOutlookAppEnabled |
Mobile device mailbox policy | ms-Exch-Mobile-Mailbox-Policy-Link |
Mobile Devices section | MsExchMobileDevices |
Parameter | Property Name |
---|---|
Enabled/Disabled | MsExchOwaEnabled |
Outlook Web App mailbox policy | ms-Exch-OWA-Policy |
Parameter | Property Name |
---|---|
Enabled/Disabled | MsExchImapEnabled |
Use protocol defaults | MsExchImapUseProtocolDefaults |
Message retrieval format | MsExchImapMsgRetrievalMimeFormat |
Parameter | Property Name |
---|---|
Enabled/Disabled | MsExchPop3Enabled |
Use protocol defaults | MsExchPop3UseProtocolDefaults |
Message retrieval format | MsExchPop3MsgRetrievalMimeFormat |
Parameter | Property Name |
---|---|
Enabled/Disabled | MsExchMapiEnabled |
Parameter | Property Name |
---|---|
Enabled/Disabled | MsExchRetentionHoldEnabled |
Start date | Retention Hold Start Date |
End date | Retention Hold End Date |
Parameter | Property Name |
---|---|
Enabled/Disabled | MsExchLitigationHoldEnabled |
Litigation hold duration | MsExchLitigationHoldDuration |
Note | ms-Exch-Retention-Comment |
URL | ms-Exch-Retention-URL |
Parameter | Property Name |
---|---|
Enabled/Disabled | MsExchArchiveEnabled |
Archive database | ms-Exch-Archive-Name |
Quota value | ms-Exch-Archive-Quota |
Issue warning at | ms-Exch-Archive-Warn-Quota |
Parameter | Property Name |
---|---|
Forward to | Forward To |
Deliver message to both forwarding address and mailbox | ms-Exch-Deliver-And-Redirect |
Maximum recipients | ms-Exch-Recip-Limit |
Parameter | Property Name |
---|---|
Sending message size | ms-Exch-Submission-Cont-Length |
Receiving message size | ms-Exch-Deliv-Cont-Length |
Parameter | Property Name |
---|---|
Accept Messages From section |
ms-Exch-RequireAuthToSendTo (Only senders inside my organization) ms-Exch-Auth-Orig (List of senders to accept messages from) |
Reject Messages From section | ms-Exch-Unauth-Orig |
Parameter | Property Name |
---|---|
Sending message size | ms-Exch-Submission-Cont-Length |
Receiving message size | ms-Exch-Deliv-Cont-Length |
Parameter | Property Name |
---|---|
Accept Messages From section |
ms-Exch-RequireAuthToSendTo (Only senders inside my organization) ms-Exch-Auth-Orig (List of senders to accept messages from) |
Reject Messages From section | ms-Exch-Unauth-Orig |
Parameter | Property Name |
---|---|
Accept Messages From |
ms-Exch-RequireAuthToSendTo (Only senders inside my organization) ms-Exch-Auth-Orig (List of senders to accept messages from) |
Reject Messages From | ms-Exch-Unauth-Orig |
Parameter | Property Name |
---|---|
Messages sent to this group have to be approved by a moderator | ms-Exch-Enable-Moderation |
Moderators | ms-Exch-Moderated-By-Link |
Senders who don't require message approval | ms-Exch-Bypass-Moderation-Link |
Notifications | ms-Exch-Moderation-Flags |
Parameter | Property Name |
---|---|
Permissions | MsExchMailboxCalendarPermissions |
Parameter | Property Name |
---|---|
MailTip | MailTip |
Parameter | Property Name |
---|---|
Send As | MsExchSendAs |
Send on Behalf | Delegates |
Full Access (Mailbox Rights) | ms-Exch-Mailbox-Security-Descriptor |
Parameter | Property Name |
---|---|
Auto-Reply Configuration | MsExchMailboxAutoReplyConfiguration |
Parameter | Property Name |
---|---|
Delegates | MsExchResourceDelegates |
Forward meeting requests to delegates | MsExchForwardRequestsToDelegates |
Booking Requests section |
MsExchInPolicyBookFrom, MsExchInPolicyBookFromMode, MsExchInPolicyRequestFrom, MsExchInPolicyRequestFromMode, MsExchInPolicyRequestsProcessingMode |
Out-of-Policy Requests section |
MsExchOutPolicyRequestFrom, MsExchOutPolicyRequestFromMode |
Parameter | Property Name |
---|---|
Allow conflicting meeting requests | MsExchAllowConflicts |
Allow repeating meetings | MsExchAllowRecurringMeetings |
Allow scheduling only during working hours | MsExchScheduleOnlyDuringWorkHours |
Always decline if the end date is beyond the maximum booking lead time | MsExchEnforceSchedulingHorizon |
Maximum booking lead time | MsExchBookingWindowInDays |
Maximum duration | MsExchMaximumDurationInMinutes |
Reply text for the meeting organizer | MsExchMeetingOrganizerReply |
Send organizer information when a request is declined due to conflicts | MsExchSendOrganizerInfoOnRequestDeclined |
Parameter | Property Name |
---|---|
Delete attachments | MsExchDeleteAttachments |
Delete comments | MsExchDeleteComments |
Delete the subject | MsExchDeleteSubject |
Delete non-calendar items | MsExchDeleteNonCalendarItems |
Add the organizer's name to the subject | MsExchAddOrganizerToSubject |
Remove the private flag on accepted meetings | MsExchRemovePrivateProperty |
Mark pending requests as Tentative | MsExchTentativePendingApproval |
When done, click OK.
Click Save changes.