Forum Discussion
Do Exchange administrators have to be system administrators on Exchange servers?
When we talk about Split permission model in AD (when installing Exchange) an Exchange Admin need not be a System Administrator, because in large scale industries wherein you have dedicated professionals to do the Work on AD and similarly on Exchange too.
In your case when ACL's are concerned, Yes - Microsoft doesn't support modified ACL's during Installation. but it is always recommended to split inter Permissions between Exchange Regular work, like messaging/Core mailflow administration, and Database activities, etc, versus the Regular Server maintenance work , like Patching and other updation etc which is more or less related to a System Admin work which would go to AD Folks.
By Default while installation , Organization Management Role Group becomes a Local Admin on the dedicated Exchange Servers in your Directory and no separate Local System permissions are needed on the Servers.
Cheers !
Ankit Shukla
"In your case when ACL's are concerned, Yes - Microsoft doesn't support modified ACL's during Installation. "
What does that mean? Who would modify ACLs during installation? The issue is that there are files that Exchange admins apparently need access to which they cannot access since the ACLs the installer sets exclude any Exchange groups. Do Microsoft support changing the ACLs after installation?ajbrehm Yes you can modify the ACL's for your specific need when Exchange Admin need to access something beyond there access placed on an Exchange Server. But i do believe as i said earlier, Exchange Admin Role Group (Org Mgmt) would give them Admin access on the Server, but it may vary with AD Split Permissions model in large scale organizations. And Yes, Microsoft will support the modified ACL's even after installation too. Sorry for the type in earlier post
Cheers !
Ankit Shukla
Thank you very much! Can you point to an official Microsoft document that specifies that Exchange with modified ACLs is supported by Microsoft?
