Active Directory Permissions role
Applies to: Exchange Server 2013
Active Directory Permissions management role enables administrators to configure Active Directory permissions in an organization. Some features that use Active Directory permissions or an access control list (ACL) include transport Receive and Send connectors, and Send As and Send on behalf of permissions for mailboxes.
Permissions set directly on Active Directory objects may not be enforced through Role Based Access Control (RBAC).
Default management role assignments
This role has role assignments to one or more role assignees. The following table indicates whether the role assignment is regular or delegating, and also indicates the management scopes applied to each assignment. The following list describes each column:
- Regular assignment: Regular role assignments enable the role assignee to access the permissions provided by the management role entries on this role.
- Delegating assignment: Delegating role assignments give the role assignee the ability to assign this role to role groups, users, or USGs.
- Recipient read scope: The recipient read scope determines what recipient objects the role assignee is allowed to read from Active Directory.
- Recipient write scope: The recipient write scope determines what recipient objects the role assignee is allowed to modify in Active Directory.
- Configuration read scope: The configuration read scope determines what configuration and server objects the role assignee is allowed to read from Active Directory.
- Configuration write scope: The configuration write scope determines what organizational and server objects the role assignee is allowed to modify in Active Directory.
Default management role assignments for this role
|Role group||Regular assignment||Delegating assignment||Recipient read scope||Recipient write scope||Configuration read scope||Configuration write scope|