Grant Rights to Perform Exchange Tasks

Using Security Roles, you can granularly define which Exchange tasks you want to delegate to which users, and specify the scope on which they can perform the delegated tasks. For example, you can allow your Help Desk to only set out of office replies for the users who are members of a specific group.

In this tutorial, you will learn how to add permissions to perform various Exchange tasks to an existing Security Role.

1. Launch Adaxes Administration Console.
   Expand Adaxes service \ Configuration \ Security Roles and select the Security Role you want to modify.

   ---

   

2. In the Permissions section located to the right, click Add.

   

3. In the list of object types, select:

   ---

   • User if you want to delegate permissions on regular user mailboxes or mail-enabled users,
   • Group if you want to delegate permissions on mail-enabled groups,
   • Contact if you want to delegate permissions on mail-enabled contacts.
   • Room Mailbox if you want to delegate permissions on room mailboxes.
   • Equipment Mailbox if you want to delegate permissions on equipment mailboxes.
   • Linked Mailbox if you want to delegate permissions on linked mailboxes.

   

4. In the General permissions list:

   ---

   • Type Exch in the filter edit box to filter out permissions unrelated to Exchange.

   • Check the permission you need in the Allow column.

     

   Permissions for Exchange Properties

   ---

   • To grant the rights to modify all Exchange properties, select the Write All Properties (Exchange) permission in the Allow column.

     

     ---

   • To grant the rights to modify a specific section of Exchange properties, select it in the Allow column. For example, to allow modification of the Automatic Replies section, select Write Automatic Replies (Exchange).

     

     ---

   • To grant the rights to modify specific Exchange properties, in the Property-specific permissions list, check the desired property in the Allow column.

     

     ---

     The following tables show which AD object property corresponds to which Exchange parameter:

     General

     Parameter	Property Name
     Alias	Exchange Alias
     Simple display name	Simple Display Name
     Hide from address lists	ms-Exch-Hide-From-Address-Lists
     Custom Attributes	Extension Attribute 1 ... Extension Attribute 15
     Use MAPI rich text format (mail-enabled users and contacts)	ms-Exch-MAPI-Recipient
     Expansion server (mail-enabled groups)	ms-Exch-Expansion-Server-Name
     Send out-of-office message to originator (mail-enabled groups)	ms-Exch-OOF-Reply-To-Originator
     Delivery Reports section (mail-enabled groups)	ms-Exch-OOF-Report-To-Owner, ms-Exch-OOF-Report-To-Originator
     Capacity (room and equipment mailboxes)	Capacity
     Address book policy (room and equipment mailboxes)	ms-Exch-Address-Book-Policy-Link

     Storage Quotas

     Parameter	Property Name
     Use mailbox database defaults	ms-Exch-MDB-Use-Defaults
     Issue warning at	ms-Exch-MDB-Storage-Quota
     Prohibit send at	ms-Exch-MDB-Over-Quota-Limit
     Prohibit send and receive at	ms-Exch-MDB-Over-Hard-Quota-Limit
     Deleted item retention	ms-Exch-Deleted-Item-Flags
     Keep deleted items for (number of days)	Garbage-Coll-Period

     Email Address

     Parameter	Property Name
     Email Addresses	Email Proxy Addresses
     Automatically update e-mail addresses based on e-mail address policy	MsExchEmailAddressPolicyEnabled
     External E-mail Address (contacts)	ms-Exch-Target-Address

     Mailbox Features

     Policies

     Parameter	Property Name
     Sharing policy	ms-Exch-Sharing-Policy-Link
     Role Assignment policy	ms-Exch-RBAC-Policy-Link
     Retention policy, Managed Folder policy	ms-Exch-Mailbox-Template-Link
     Address Book policy	ms-Exch-Address-Book-Policy-Link

     Features

     Unified Messaging

     Parameter	Property Name
     Enabled/Disabled	MsExchUMEnabled
     Reset PIN	MsExchUMResetPinParams
     UM mailbox policy	ms-Exch-UM-Template-Link
     Personal operator extension	ms-Exch-UM-Operator-Number
     Additional UM extensions	MsExchUMExtentions
     Enable for Automatic Speech Recognition	MsExchUMAutoSpeechRecognitionEnabled
     Allow UM calls from non-users	ms-Exch-UM-List-In-Directory-Search
     Allow users to receive faxes	MsExchUMFaxEnabled
     Allow divert calls without caller ID to leave message	MsExchUMAnonymousCanLeaveMessages
     Allow users to configure call answering rules	MsExchUMCallAnswerRulesEnabled

     Exchange ActiveSync

     Parameter	Property Name
     Enabled/Disabled	MsExchActiveSyncEnabled
     Mobile device mailbox policy	ms-Exch-Mobile-Mailbox-Policy-Link
     Mobile Devices section	MsExchMobileDevices

     OWA for Devices

     Parameter	Property Name
     Enabled/Disabled	MsExchOutlookAppEnabled
     Mobile device mailbox policy	ms-Exch-Mobile-Mailbox-Policy-Link
     Mobile Devices section	MsExchMobileDevices

     Outlook Web App

     Parameter	Property Name
     Enabled/Disabled	MsExchOwaEnabled
     Outlook Web App mailbox policy	ms-Exch-OWA-Policy

     IMAP

     Parameter	Property Name
     Enabled/Disabled	MsExchImapEnabled
     Use protocol defaults	MsExchImapUseProtocolDefaults
     Message retrieval format	MsExchImapMsgRetrievalMimeFormat

     POP3

     Parameter	Property Name
     Enabled/Disabled	MsExchPop3Enabled
     Use protocol defaults	MsExchPop3UseProtocolDefaults
     Message retrieval format	MsExchPop3MsgRetrievalMimeFormat

     MAPI

     Parameter	Property Name
     Enabled/Disabled	MsExchMapiEnabled

     Retention Hold

     Parameter	Property Name
     Enabled/Disabled	MsExchRetentionHoldEnabled
     Start date	Retention Hold Start Date
     End date	Retention Hold End Date

     Litigation Hold

     Parameter	Property Name
     Enabled/Disabled	MsExchLitigationHoldEnabled
     Litigation hold duration	MsExchLitigationHoldDuration
     Note	ms-Exch-Retention-Comment
     URL	ms-Exch-Retention-URL

     Archiving

     Parameter	Property Name
     Enabled/Disabled	MsExchArchiveEnabled
     Archive database	ms-Exch-Archive-Name
     Quota value	ms-Exch-Archive-Quota
     Issue warning at	ms-Exch-Archive-Warn-Quota

     Mail Flow

     Delivery Options

     Parameter	Property Name
     Forward to	Forward To
     Deliver message to both forwarding address and mailbox	ms-Exch-Deliver-And-Redirect
     Maximum recipients	ms-Exch-Recip-Limit

     Message Size Restrictions

     Parameter	Property Name
     Sending message size	ms-Exch-Submission-Cont-Length
     Receiving message size	ms-Exch-Deliv-Cont-Length

     Message Delivery Restrictions

     Parameter	Property Name
     Accept Messages From section	ms-Exch-RequireAuthToSendTo (Only senders inside my organization) ms-Exch-Auth-Orig (List of senders to accept messages from)
     Reject Messages From section	ms-Exch-Unauth-Orig

     Mail Flow Settings

     Message Size Restrictions

     Parameter	Property Name
     Sending message size	ms-Exch-Submission-Cont-Length
     Receiving message size	ms-Exch-Deliv-Cont-Length

     Message Delivery Restrictions

     Parameter	Property Name
     Accept Messages From section	ms-Exch-RequireAuthToSendTo (Only senders inside my organization) ms-Exch-Auth-Orig (List of senders to accept messages from)
     Reject Messages From section	ms-Exch-Unauth-Orig

     Delivery Management

     Parameter	Property Name
     Accept Messages From	ms-Exch-RequireAuthToSendTo (Only senders inside my organization) ms-Exch-Auth-Orig (List of senders to accept messages from)
     Reject Messages From	ms-Exch-Unauth-Orig

     Message Approval

     Parameter	Property Name
     Messages sent to this group have to be approved by a moderator	ms-Exch-Enable-Moderation
     Moderators	ms-Exch-Moderated-By-Link
     Senders who don't require message approval	ms-Exch-Bypass-Moderation-Link
     Notifications	ms-Exch-Moderation-Flags

     Calendar Permissions

     Parameter	Property Name
     Permissions	MsExchMailboxCalendarPermissions

     MailTip

     Parameter	Property Name
     MailTip	MailTip

     Delegation

     Parameter	Property Name
     Send As	MsExchSendAs
     Send on Behalf	Delegates
     Full Access (Mailbox Rights)	ms-Exch-Mailbox-Security-Descriptor

     Automatic Replies

     Parameter	Property Name
     Auto-Reply Configuration	MsExchMailboxAutoReplyConfiguration

     Booking Delegates

     Parameter	Property Name
     Delegates	MsExchResourceDelegates
     Forward meeting requests to delegates	MsExchForwardRequestsToDelegates
     Booking Requests section	MsExchInPolicyBookFrom, MsExchInPolicyBookFromMode, MsExchInPolicyRequestFrom, MsExchInPolicyRequestFromMode, MsExchInPolicyRequestsProcessingMode
     Out-of-Policy Requests section	MsExchOutPolicyRequestFrom, MsExchOutPolicyRequestFromMode

     Booking Policies

     Parameter	Property Name
     Allow conflicting meeting requests	MsExchAllowConflicts
     Allow repeating meetings	MsExchAllowRecurringMeetings
     Allow scheduling only during working hours	MsExchScheduleOnlyDuringWorkHours
     Always decline if the end date is beyond the maximum booking lead time	MsExchEnforceSchedulingHorizon
     Maximum booking lead time	MsExchBookingWindowInDays
     Maximum duration	MsExchMaximumDurationInMinutes
     Reply text for the meeting organizer	MsExchMeetingOrganizerReply
     Send organizer information when a request is declined due to conflicts	MsExchSendOrganizerInfoOnRequestDeclined

     Calendar Settings

     Parameter	Property Name
     Delete attachments	MsExchDeleteAttachments
     Delete comments	MsExchDeleteComments
     Delete the subject	MsExchDeleteSubject
     Delete non-calendar items	MsExchDeleteNonCalendarItems
     Add the organizer's name to the subject	MsExchAddOrganizerToSubject
     Remove the private flag on accepted meetings	MsExchRemovePrivateProperty
     Mark pending requests as Tentative	MsExchTentativePendingApproval

   When done, click OK.

5. Click Save changes.