Managing Recipient Objects and Address Lists

These questions are derived from the Self Test Software Practice Test for Microsoft exam #70-284 – Implementing and Managing Microsoft Exchange Server 2003

Objective: Managing Recipient Objects and Address Lists
SubObjective: Manage user objects

Multiple Answer, Multiple Choice

Your company’s network consists of a single Active Directory domain and two sites. One site includes the network in the central office, and the other site includes the network in the branch office. You are responsible for administering the entire network. You are planning to deploy Exchange Server 2003. You will create a new Exchange organization and install Exchange servers in both sites.

You will be in charge of the Exchange organization, but another administrator named Paul will perform day-to-day management tasks in the branch office. Paul should be able to create, delete and manage user and group accounts for employees in the branch office, create and delete mailboxes and perform other routine administrative tasks on the Exchange servers in the branch office. You want Paul to be the only user in the branch office who is allowed to perform these tasks; you do not want Paul to be able to delegate any of his responsibilities to any other user.

Which of the following should you do? (Choose two. Each correct answer is part of the solution.)

  1. Assign Paul the permissions to manage users and groups in the branch office site.
  2. Run the Delegation of Control wizard on the branch office site, and assign Paul the Exchange Full Administrator role for the site.
  3. Place the user accounts of all the branch office users into an OU, and assign Paul the permissions to manage the users and groups in the OU.
  4. Install all Exchange servers for the branch office in a new routing group, and assign Paul the Full Control permission for that routing group.
  5. Move all Exchange servers for the branch office into a new routing group, and assign Paul to the Exchange View Only Administrator role for that routing group.
  6. Install all Exchange servers for the branch office in a new administrative group, and assign Paul to the Exchange Administrator role in that administrative group.

Answer:
C. Place the user accounts of all the branch office users into an OU, and assign Paul the permissions to manage the users and groups in the OU.

E. Move all Exchange servers for the branch office into a new routing group, and assign Paul to the Exchange View Only Administrator role for that routing group.

Tutorial:
To enable Paul to manage users and groups in the branch office, you should create an organizational unit (OU), move the user accounts of the employees who work in the branch office into that OU, and assign Paul the appropriate permissions for that OU. You can assign those permissions directly by modifying the ACL for the OU, or you can run the Delegation of Control Wizard on the OU and delegate Paul’s user account the Create, delete and manage user accounts and Create, delete and manage groups tasks.

To enable Paul to manage Exchange servers in the branch office, you should install the Exchange servers for the branch office in a new administrative group, run the Exchange Administration Delegation wizard on that administrative group and add Paul’s user account to the Exchange Administrator role. Additionally, you should add Paul’s user account to the local Administrators group on each Exchange server in the branch office.

Users cannot be directly associated with Active Directory sites. Consequently, you cannot assign Paul permissions to manage users and groups in a site. You cannot directly delegate control or assign permissions for a routing group. In an Exchange organization, authority can be assigned only at the organization and administrative group levels. In Exchange System Manager, you can run the Exchange Administration Delegation wizard on the organization container or on an administrative group container and assign a user or group to one of three roles. Exchange Full Administrator has full authority at the specified level, Exchange Administrator can perform all administrative tasks, except changing Exchange administrative permissions, and Exchange View Only Administrator has read-only access to Exchange information. The Delegation of Control wizard can be used to delegate administrative tasks for Active Directory domains, sites and OUs; it cannot be used to assign users to Exchange administrative roles.

Reference:
1. Exchange Server 2003 Administration Guide – Managing an Exchange Organization – Managing Permissions, pp. 60-65.

2. Windows Server 2003 Online Help – Contents
– Active Directory – Concepts – Administering Active Directory – Delegating administration.

Like what you see? Share it.Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone
cmadmin

ABOUT THE AUTHOR

Posted in Archive|

Comment: