Grant rights to perform Exchange tasks
Using security roles, you can delegate Exchange tasks to your users and granuraly define what operations in Exchange they are allowed to perform. For example, you can allow your Help Desk to only set out of office replies, and be able to do it only for the users who are members of a specific group.
Permissions granted by security roles are effective only within Adaxes.
In this tutorial, you will learn how to add the permissions to perform various Exchange tasks to an existing security role.
-
Launch Adaxes administration console.
How
-
On the computer where Adaxes administration console is installed, open Windows Start menu.
-
Click Adaxes Administration Console.
-
-
Expand Adaxes service \ Configuration \ Security Roles and select the security role you want to modify.
-
In the Permissions section on the right, click Add.
-
In the list of object types, select:
-
User if you want to delegate permissions on regular user mailboxes or mail-enabled users.
-
Group if you want to delegate permissions on mail-enabled groups.
-
Contact if you want to delegate permissions on mail-enabled contacts.
-
Room Mailbox if you want to delegate permissions on room mailboxes.
-
Equipment Mailbox if you want to delegate permissions on equipment mailboxes.
-
Linked Mailbox if you want to delegate permissions on linked mailboxes.
-
-
In the General permissions section:
-
Type Exchange in the filter edit box to filter out permissions unrelated to Exchange.
-
Select the permission you need in the Allow column.
Permissions for Exchange Properties
-
To grant the rights to modify all Exchange properties, select the Write All Properties (Exchange) permission in the Allow column.
-
To grant the rights to modify a specific section of Exchange properties, select it in the Allow column. For example, to allow the modification of the Automatic Replies section, select Write Automatic Replies (Exchange).
-
To grant the rights to modify specific Exchange properties, select the desired property in the Allow column in the Property-specific permissions list.
The following tables list Exchange parameters and their correlation with object properties:
General
Parameter Property Name Alias Email Simple display name Simple display name Hide from address lists Hidden from address lists Custom Attributes Extension attribute 1 ... Extension attribute 15 Use MAPI rich text format
(mail-enabled users and contacts)ms-Exch-MAPI-Recipient Expansion server
(mail-enabled groups)ms-Exch-Expansion-Server-Name Send out-of-office message to originator
(mail-enabled groups)ms-Exch-OOF-Reply-To-Originator Delivery Reports section
(mail-enabled groups)ms-Exch-OOF-Report-To-Owner,
ms-Exch-OOF-Report-To-OriginatorCapacity
(room and equipment mailboxes)Capacity Address book policy
(room and equipment mailboxes)ms-Exch-Address-Book-Policy-Link Storage Quotas
Parameter Property Name Use mailbox database defaults ms-Exch-MDB-Use-Defaults Issue warning at Issue a warning at Prohibit send at Prohibit send at Prohibit send and receive at Prohibit send and receive at Deleted item retention ms-Exch-Deleted-Item-Flags Keep deleted items for (number of days) Keep deleted items for Email Address
Parameter Property Name Email Addresses Proxy addresses Automatically update e-mail addresses based on e-mail address policy MsExchEmailAddressPolicyEnabled External E-mail Address
(contacts)ms-Exch-Target-Address Mailbox Features
Policies
Parameter Property Name Sharing policy ms-Exch-Sharing-Policy-Link Role Assignment policy ms-Exch-RBAC-Policy-Link Retention policy,
Managed Folder policyms-Exch-Mailbox-Template-Link Address Book policy ms-Exch-Address-Book-Policy-Link Features
Unified Messaging
Parameter Property Name Enabled/Disabled MsExchUMEnabled Reset PIN MsExchUMResetPinParams UM mailbox policy Unified Messaging policy Personal operator extension ms-Exch-UM-Operator-Number Additional UM extensions MsExchUMExtentions Enable for Automatic Speech Recognition MsExchUMAutoSpeechRecognitionEnabled Allow UM calls from non-users ms-Exch-UM-List-In-Directory-Search Allow users to receive faxes MsExchUMFaxEnabled Allow divert calls without caller ID to leave message MsExchUMAnonymousCanLeaveMessages Allow users to configure call answering rules MsExchUMCallAnswerRulesEnabled Exchange ActiveSync
Parameter Property Name Enabled/Disabled MsExchActiveSyncEnabled Mobile device mailbox policy Mobile Device policy Mobile Devices section MsExchMobileDevices OWA for Devices
Parameter Property Name Enabled/Disabled MsExchOutlookAppEnabled Mobile device mailbox policy Mobile Device policy Mobile Devices section MsExchMobileDevices Outlook Web App
Parameter Property Name Enabled/Disabled MsExchOwaEnabled Outlook Web App mailbox policy Outlook web app policy IMAP
Parameter Property Name Enabled/Disabled MsExchImapEnabled Use protocol defaults MsExchImapUseProtocolDefaults Message retrieval format MsExchImapMsgRetrievalMimeFormat POP3
Parameter Property Name Enabled/Disabled MsExchPop3Enabled Use protocol defaults MsExchPop3UseProtocolDefaults Message retrieval format MsExchPop3MsgRetrievalMimeFormat MAPI
Parameter Property Name Enabled/Disabled MsExchMapiEnabled Retention Hold
Parameter Property Name Enabled/Disabled MsExchRetentionHoldEnabled Start date Retention start date End date Retention end date Litigation Hold
Parameter Property Name Enabled/Disabled MsExchLitigationHoldEnabled Litigation hold duration MsExchLitigationHoldDuration Note Retention note URL Retention URL Archiving
Parameter Property Name Enabled/Disabled MsExchArchiveEnabled Archive database Archive database Quota value Archive quota Issue warning at Archive quota warning Mail Flow
Delivery Options
Parameter Property Name Forward to Forward to Deliver message to both forwarding address and mailbox Deliver and redirect Maximum recipients Recipient limit Message Size Restrictions
Parameter Property Name Sending message size Sent messages max size Receiving message size Received messages max size Message Delivery Restrictions
Parameter Property Name Accept Messages From section ms-Exch-RequireAuthToSendTo (Only senders inside my organization)
ms-Exch-Auth-Orig (List of senders to accept messages from)Reject Messages From section ms-Exch-Unauth-Orig Mail Flow Settings
Message Size Restrictions
Parameter Property Name Sending message size Sent messages max size Receiving message size Received messages max size Message Delivery Restrictions
Parameter Property Name Accept Messages From section ms-Exch-RequireAuthToSendTo (Only senders inside my organization)
ms-Exch-Auth-Orig (List of senders to accept messages from)Reject Messages From section ms-Exch-Unauth-Orig Delivery Management
Parameter Property Name Accept Messages From ms-Exch-RequireAuthToSendTo (Only senders inside my organization)
ms-Exch-Auth-Orig (List of senders to accept messages from)Reject Messages From ms-Exch-Unauth-Orig Message Approval
Parameter Property Name Messages sent to this group have to be approved by a moderator ms-Exch-Enable-Moderation Moderators ms-Exch-Moderated-By-Link Senders who don't require message approval ms-Exch-Bypass-Moderation-Link Notifications ms-Exch-Moderation-Flags Calendar Permissions
Parameter Property Name Permissions MsExchMailboxCalendarPermissions MailTip
Parameter Property Name MailTip MailTip Delegation
Parameter Property Name Send As MsExchSendAs Send on Behalf Delegates Full Access (Mailbox Rights) ms-Exch-Mailbox-Security-Descriptor Automatic Replies
Parameter Property Name Auto-Reply Configuration MsExchMailboxAutoReplyConfiguration Booking Delegates
Parameter Property Name Delegates MsExchResourceDelegates Forward meeting requests to delegates MsExchForwardRequestsToDelegates Booking Requests section MsExchInPolicyBookFrom,
MsExchInPolicyBookFromMode,
MsExchInPolicyRequestFrom,
MsExchInPolicyRequestFromMode,
MsExchInPolicyRequestsProcessingModeOut-of-Policy Requests section MsExchOutPolicyRequestFrom,
MsExchOutPolicyRequestFromModeBooking Policies
Parameter Property Name Allow conflicting meeting requests MsExchAllowConflicts Allow repeating meetings MsExchAllowRecurringMeetings Allow scheduling only during working hours MsExchScheduleOnlyDuringWorkHours Always decline if the end date is beyond the maximum booking lead time MsExchEnforceSchedulingHorizon Maximum booking lead time MsExchBookingWindowInDays Maximum duration MsExchMaximumDurationInMinutes Reply text for the meeting organizer MsExchMeetingOrganizerReply Send organizer information when a request is declined due to conflicts MsExchSendOrganizerInfoOnRequestDeclined Calendar Settings
Parameter Property Name Delete attachments MsExchDeleteAttachments Delete comments MsExchDeleteComments Delete the subject MsExchDeleteSubject Delete non-calendar items MsExchDeleteNonCalendarItems Add the organizer's name to the subject MsExchAddOrganizerToSubject Remove the private flag on accepted meetings MsExchRemovePrivateProperty Mark pending requests as Tentative MsExchTentativePendingApproval
Click OK.
-
-
Click Save changes.