Add An Administrator To Exchange 2013 / 2016

Written by Allen White on. Posted in Exchange 2013, Exchange 2016

Exchange 2013 and Exchange 2016 Administration is a lot more granular than in previous version of Microsoft Exchange. Now we can assign groups or user to a lot more individual roles. View the table at the end of this article for a full list of roles and permissions. We will first add a user to be a full Administrator to Exchange 2013 / 2016 ( Organization Management Role ). This guide also applies to adding an administrator to Office 365 Exchange

 Make A User An Exchange 2013 / 2016 Organization Manager

In the Exchange Admin Center we need to choose permissions.

exchange 2013 permissions

Then you will need to select the Organization Management Role as tis is the group you add users to who you want to be able to fully manage the Exchange 2013 organization. Then select the PENCIL ( EDIT) sign to start the add user wizard.

list of exchange 2013 organization roles

You will now be editing the Organization Management Role, you will see this screen. Scroll down to members and click + to add the user you want to add to the role.

Add members to management role

One the select members screen simply select the user and then select Add  then OK. The user will now be a member of your role you selected.

add user to exchange role

Then you are back to the Role Group screen, click save to complete the process. By using the table below you will be able to configure your Exchange 2013 Administration Roles to be as granular as you require.

Exchange 2013 and Exchange 2016 Administration Roles

 

Role Permisson Information
Compliance Managment
Data Loss Prevention
Information Rights Management
Retention Management
View-Only Audit Logs
View-Only Configuration
View-Only Recipients
This role group will allow a specified user, responsible for compliance, to properly configure and manage compliance settings within Exchange in accordance with their policy.
Delegated Setup View-Only Configuration Members of this management role group have permissions to install and uninstall Exchange on provisioned servers. This role group shouldn’t be deleted.
Discovery Managment
Legal Hold
Mailbox Search
Members of this management role group can perform searches of mailboxes in the Exchange organization for data that meets specific criteria.
Help Desk
User Options
View-Only Recipients
Members of this management role group can view and manage the configuration for individual recipients and view recipients in an Exchange organization. Members of this role group can only manage the configuration each user can manage on his or her own mailbox. Additional permissions can be added by assigning additional management roles to this role group.
Hygience Managment
ApplicationImpersonation
Receive Connectors
Transport Agents
Transport Hygiene
View-Only Configuration
View-Only Recipients
Members of this management role group can manage Exchange anti-spam features and grant permissions for antivirus products to integrate with Exchange.
Organization Managment FULL PERMISSIONS Members of this management role group have permissions to manage Exchange objects and their properties in the Exchange organization. Members can also delegate role groups and management roles in the organization. This role group shouldn’t be deleted.
Public Folder Managment
Mail Enabled Public Folders
Public Folders
Members of this management role group can manage public folders. Members can create and delete public folders and manage public folder settings such as replicas, quotas, age limits, and permissions as well as mail-enable and mail-disable public folders.
Recipient Managment
Distribution Groups
Mail Recipient Creation
Mail Recipients
Message Tracking
Migration
Move Mailboxes
Recipient Policies
Team Mailboxes
Members of this management role group have rights to create, manage, and remove Exchange recipient objects in the Exchange organization.
Records Managment
Audit Logs
Journaling
Message Tracking
Retention Management
Transport Rules
 Members of this management role group can configure compliance features such as retention policy tags, message classifications, transport rules, and more.

 

Role Permisson Information
Server Management
Database Copies
Databases
Exchange Connectors
Exchange Server Certificates
Exchange Servers
Exchange Virtual Directories
Monitoring
POP3 And IMAP4 Protocols
Receive Connectors
Transport Queues
This role group will allow a specified user, responsible for compliance, to properly configure and manage compliance settings within Exchange in accordance with their policy.
UM Management
UM Mailboxes
UM Prompts
Unified Messaging
Members of this management role group have permissions to manage all Exchange servers within the Exchange organization, but members don’t have permissions to perform operations that have global impact in the Exchange organization.
View Only
Monitoring
View-Only Configuration
View-Only Recipients
Members of this management role group can manage Unified Messaging organization, server, and recipient configuration.

 

 
Allen White
Allen is a Consultant for ITPS in the North East of England and holds the following accreditations. MCSA, MCSE, MCTS, MCITP, CCA, CCSP, VCP 4,5 and HP ASE, AIS - Network Infrastructure.

ITPS provides strategic IT consultancy, implementation, data centre provision and unified communications, as well as support services and workspace and disaster recovery. If you require a consultation then please contact me via the contacts section or direct on 07931222991, add me on linkedin. https://uk.linkedin.com/in/allenwhiteconsultant0001

Tags:

Comments (2)

  • Sasha Odarchuk

    |

    Hi. I have installed E2013 CU1 and i have only 1 domain_admin (administrator – default account). During Exchange setup was selected option “Apply Active Directory split permission security model to the Exchange organization” and now i can’t create new users in ECP 🙁
    What do I need to do to get this role?

    Reply

    • Allen White

      |

      Hi Sasha, do you get any particular errors?

      Reply

Leave a comment

Categories

(c) Techieshelp.com. Please be aware, all information is provided freely, any information used is done so at your risk and Techieshelp will not be held responsible for any issue that may occur.
!-- BuySellAds On-Site Shopping Cart -->