In our company I would like to grant a specific user (I'll call him John for now) merely the permissions to create a mail-enabled user.
Therefore, I have created a new OU and delegated control on that OU for John to Create, Delete and Manage User Accounts in that specific OU. I tested these permissions by creating a user account, logged on as John. So far, so good.
In Exchange, I've created a new RBAC group, named "Create mailboxes". That group has the role "Mail Recipient Creation" assigned. I added John to this group, so he's allowed to create all mailboxes (well, he should be).
However, when I log on to the Exchange Management Console with John's credentials, and try to add a mailbox to an existing user, it returns the error:
-------------------------------------------------------
Summary: 1 item(s). 0 succeeded, 1 failed.
Elapsed time: 00:00:00
Peter Failed
Error:
The term 'Enable-Mailbox' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
Exchange Management Shell command attempted:
Enable-Mailbox -Identity 'mydomain.local/NewUsers/Peter' -Alias 'Peter.Petrelli'
Elapsed Time: 00:00:00
-------------------------------------------------------
When I add the role 'Mail Recipients' to the RBAC group "Create Mailboxes", everything goes ok and the mailbox is created.
What am I doing wrong? What permissions need to be set, in addition to the role Mail Recipients Creation, so that I do not need to add the role Mail Recipients?
Thanks in advance.
Christian Gude, blogging at www.itexperience.net