Grant rights to perform Exchange tasks

Using security roles, you can delegate Exchange tasks to your users and granuraly define what operations in Exchange they are allowed to perform. For example, you can allow your Help Desk to only set out of office replies, and be able to do it only for the users who are members of a specific group.

Permissions granted by security roles are effective only within Adaxes.

In this tutorial, you will learn how to add the permissions to perform various Exchange tasks to an existing security role.

Launch Adaxes Administration console.
How { #collapse1}
- On the computer where Adaxes Administration console is installed, open Windows Start menu.
- Click Adaxes Administration Console.
Expand Adaxes service \ Configuration \ Security Roles and select the security role you want to modify.
In the Permissions section on the right, click Add.
In the list of object types, select:
- User if you want to delegate permissions on regular user mailboxes or mail-enabled users.
- Group if you want to delegate permissions on mail-enabled groups.
- Contact if you want to delegate permissions on mail-enabled contacts.
- Room Mailbox if you want to delegate permissions on room mailboxes.
- Equipment Mailbox if you want to delegate permissions on equipment mailboxes.
- Linked Mailbox if you want to delegate permissions on linked mailboxes.

In the General permissions section:

Type Exch in the filter edit box to filter out permissions unrelated to Exchange.
Select the permission you need in the Allow column.

Permissions for Exchange Properties

To grant the rights to modify all Exchange properties, select the Write All Properties (Exchange) permission in the Allow column.
To grant the rights to modify a specific section of Exchange properties, select it in the Allow column. For example, to allow the modification of the Automatic Replies section, select Write Automatic Replies (Exchange).

To grant the rights to modify specific Exchange properties, select the desired property in the Allow column in the Property-specific permissions list.

The following tables list Exchange parameters and their correlation with object properties:

General { #collapse1}

Parameter	Property Name
Alias	Exchange Alias
Simple display name	Simple Display Name
Hide from address lists	ms-Exch-Hide-From-Address-Lists
Custom Attributes	Extension Attribute 1 ... Extension Attribute 15
Use MAPI rich text format (mail-enabled users and contacts)	ms-Exch-MAPI-Recipient
Expansion server (mail-enabled groups)	ms-Exch-Expansion-Server-Name
Send out-of-office message to originator (mail-enabled groups)	ms-Exch-OOF-Reply-To-Originator
Delivery Reports section (mail-enabled groups)	ms-Exch-OOF-Report-To-Owner, ms-Exch-OOF-Report-To-Originator
Capacity (room and equipment mailboxes)	Capacity
Address book policy (room and equipment mailboxes)	ms-Exch-Address-Book-Policy-Link

Storage Quotas { #collapse2}

Parameter	Property Name
Use mailbox database defaults	ms-Exch-MDB-Use-Defaults
Issue warning at	ms-Exch-MDB-Storage-Quota
Prohibit send at	ms-Exch-MDB-Over-Quota-Limit
Prohibit send and receive at	ms-Exch-MDB-Over-Hard-Quota-Limit
Deleted item retention	ms-Exch-Deleted-Item-Flags
Keep deleted items for (number of days)	Garbage-Coll-Period

Email Address { #collapse3}

Parameter	Property Name
Email Addresses	Proxy Addresses
Automatically update e-mail addresses based on e-mail address policy	MsExchEmailAddressPolicyEnabled
External E-mail Address (contacts)	ms-Exch-Target-Address

Mailbox Features { #collapse4}

Policies

Parameter	Property Name
Sharing policy	ms-Exch-Sharing-Policy-Link
Role Assignment policy	ms-Exch-RBAC-Policy-Link
Retention policy, Managed Folder policy	ms-Exch-Mailbox-Template-Link
Address Book policy	ms-Exch-Address-Book-Policy-Link

Features

Unified Messaging

Parameter	Property Name
Enabled/Disabled	MsExchUMEnabled
Reset PIN	MsExchUMResetPinParams
UM mailbox policy	ms-Exch-UM-Template-Link
Personal operator extension	ms-Exch-UM-Operator-Number
Additional UM extensions	MsExchUMExtentions
Enable for Automatic Speech Recognition	MsExchUMAutoSpeechRecognitionEnabled
Allow UM calls from non-users	ms-Exch-UM-List-In-Directory-Search
Allow users to receive faxes	MsExchUMFaxEnabled
Allow divert calls without caller ID to leave message	MsExchUMAnonymousCanLeaveMessages
Allow users to configure call answering rules	MsExchUMCallAnswerRulesEnabled

Exchange ActiveSync

Parameter	Property Name
Enabled/Disabled	MsExchActiveSyncEnabled
Mobile device mailbox policy	ms-Exch-Mobile-Mailbox-Policy-Link
Mobile Devices section	MsExchMobileDevices

OWA for Devices

Parameter	Property Name
Enabled/Disabled	MsExchOutlookAppEnabled
Mobile device mailbox policy	ms-Exch-Mobile-Mailbox-Policy-Link
Mobile Devices section	MsExchMobileDevices

Outlook Web App

Parameter	Property Name
Enabled/Disabled	MsExchOwaEnabled
Outlook Web App mailbox policy	ms-Exch-OWA-Policy

IMAP

Parameter	Property Name
Enabled/Disabled	MsExchImapEnabled
Use protocol defaults	MsExchImapUseProtocolDefaults
Message retrieval format	MsExchImapMsgRetrievalMimeFormat

POP3

Parameter	Property Name
Enabled/Disabled	MsExchPop3Enabled
Use protocol defaults	MsExchPop3UseProtocolDefaults
Message retrieval format	MsExchPop3MsgRetrievalMimeFormat

MAPI

Parameter	Property Name
Enabled/Disabled	MsExchMapiEnabled

Retention Hold

Parameter	Property Name
Enabled/Disabled	MsExchRetentionHoldEnabled
Start date	Retention Hold Start Date
End date	Retention Hold End Date

Litigation Hold

Parameter	Property Name
Enabled/Disabled	MsExchLitigationHoldEnabled
Litigation hold duration	MsExchLitigationHoldDuration
Note	ms-Exch-Retention-Comment
URL	ms-Exch-Retention-URL

Archiving

Parameter	Property Name
Enabled/Disabled	MsExchArchiveEnabled
Archive database	ms-Exch-Archive-Name
Quota value	ms-Exch-Archive-Quota
Issue warning at	ms-Exch-Archive-Warn-Quota

Mail Flow

Delivery Options

Parameter	Property Name
Forward to	Forward To
Deliver message to both forwarding address and mailbox	ms-Exch-Deliver-And-Redirect
Maximum recipients	ms-Exch-Recip-Limit

Message Size Restrictions

Parameter	Property Name
Sending message size	ms-Exch-Submission-Cont-Length
Receiving message size	ms-Exch-Deliv-Cont-Length

Message Delivery Restrictions

Parameter	Property Name
Accept Messages From section	ms-Exch-RequireAuthToSendTo (Only senders inside my organization) ms-Exch-Auth-Orig (List of senders to accept messages from)
Reject Messages From section	ms-Exch-Unauth-Orig

Mail Flow Settings { #collapse5}

Message Size Restrictions

Parameter	Property Name
Sending message size	ms-Exch-Submission-Cont-Length
Receiving message size	ms-Exch-Deliv-Cont-Length

Message Delivery Restrictions

Parameter	Property Name
Accept Messages From section	ms-Exch-RequireAuthToSendTo (Only senders inside my organization) ms-Exch-Auth-Orig (List of senders to accept messages from)
Reject Messages From section	ms-Exch-Unauth-Orig

Delivery Management { #collapse6}

Parameter	Property Name
Accept Messages From	ms-Exch-RequireAuthToSendTo (Only senders inside my organization) ms-Exch-Auth-Orig (List of senders to accept messages from)
Reject Messages From	ms-Exch-Unauth-Orig

Message Approval { #collapse7}

Parameter	Property Name
Messages sent to this group have to be approved by a moderator	ms-Exch-Enable-Moderation
Moderators	ms-Exch-Moderated-By-Link
Senders who don't require message approval	ms-Exch-Bypass-Moderation-Link
Notifications	ms-Exch-Moderation-Flags

Calendar Permissions { #collapse8}

Parameter	Property Name
Permissions	MsExchMailboxCalendarPermissions

MailTip { #collapse9}

Parameter	Property Name
MailTip	MailTip

Delegation { #collapse10}

Parameter	Property Name
Send As	MsExchSendAs
Send on Behalf	Delegates
Full Access (Mailbox Rights)	ms-Exch-Mailbox-Security-Descriptor

Automatic Replies { #collapse11}

Parameter	Property Name
Auto-Reply Configuration	MsExchMailboxAutoReplyConfiguration

Booking Delegates { #collapse12}

Parameter	Property Name
Delegates	MsExchResourceDelegates
Forward meeting requests to delegates	MsExchForwardRequestsToDelegates
Booking Requests section	MsExchInPolicyBookFrom, MsExchInPolicyBookFromMode, MsExchInPolicyRequestFrom, MsExchInPolicyRequestFromMode, MsExchInPolicyRequestsProcessingMode
Out-of-Policy Requests section	MsExchOutPolicyRequestFrom, MsExchOutPolicyRequestFromMode

Booking Policies { #collapse13}

Parameter	Property Name
Allow conflicting meeting requests	MsExchAllowConflicts
Allow repeating meetings	MsExchAllowRecurringMeetings
Allow scheduling only during working hours	MsExchScheduleOnlyDuringWorkHours
Always decline if the end date is beyond the maximum booking lead time	MsExchEnforceSchedulingHorizon
Maximum booking lead time	MsExchBookingWindowInDays
Maximum duration	MsExchMaximumDurationInMinutes
Reply text for the meeting organizer	MsExchMeetingOrganizerReply
Send organizer information when a request is declined due to conflicts	MsExchSendOrganizerInfoOnRequestDeclined

Calendar Settings { #collapse14}

Parameter	Property Name
Delete attachments	MsExchDeleteAttachments
Delete comments	MsExchDeleteComments
Delete the subject	MsExchDeleteSubject
Delete non-calendar items	MsExchDeleteNonCalendarItems
Add the organizer's name to the subject	MsExchAddOrganizerToSubject
Remove the private flag on accepted meetings	MsExchRemovePrivateProperty
Mark pending requests as Tentative	MsExchTentativePendingApproval

Click OK.

Click Save changes.