XADM: How to Give Users the Permissions to Create a Mail-Enabled User in Active Directory (283271)

MORE INFORMATION

To complete the procedures described in this section, you must have a functioning two-way Connection Agreement between the Exchange Server 5.5 computer and Windows 2000 Active Directory.

First, give the user or group read-only permissions on the Microsoft Exchange container:

1. Log on as a domain administrator, and then start the Active Directory Sites and Services snap-in.
2. Click Show Services on the View menu.
3. Click to expand Services, and then click Microsoft Exchange.
4. Open the properties of the Microsoft Exchange object, and then click the Security tab.
5. Click Add, click the user or group that you want to give permissions to, click OK, and then click OK.

Next, give the user or group the appropriate permissions to access the Active Directory Connections container:

1. Open the properties of the Active Directory Connections container.
2. Click the Security tab, click Add, click the user or group that you gave read-only permissions to in the preceding procedure, and then click OK.
3. Click Advanced on the Security tab.
4. Find the user or group that you gave read-only permissions to, click View/Edit, and then click This object and all child objects in the Apply Onto box.
5. Click OK, click OK, and then click OK.

Finally, make the user or group a member of the Account Operators Built-in group so that they can create user accounts:

1. Start the Active Directory Users and Computers snap-in.
2. Click to expand your domain, and then click the Built-in container.
3. Double-click the Account Operators group, and then click the Members tab.
4. Click Add, click the user or group that you want to make a member of this group, click OK, and then click OK.