You are the Exchange administrator for your company. The company operates a main office and one branch office. The network consists of a single Active Directory domain.
Exchange Server 2003 is used as the messaging system. Exchange servers are deployed in two separate Exchange administrative groups. One administrative group exists in each office.
You manage both offices. An IT administrator manages the users and resources in the branch office.
You need to enable the IT administrator to manage the objects in the Exchange administrative group in the branch office.
The IT administrator must not have the ability to modify permissions for the administrative group.
What should you do?
A.
Create a new organizational unit (OU). Place all Exchange servers in the branch office in the new OU. Delegate control over all computer objects in the OU to the IT administrator.
B.
Make the IT administrator a local administrator on all Exchange servers in the branch office’s administrative group.
C.
In the branch office’s administrative group, delegate the role of Exchange Full Administrator to the IT administrator.
D.
In the branch office’s administrative group, delegate the role of Exchange administrator to the IT administrator.
Explanation:
Exchange Administrator
When you assign a user or a group Exchange Administrator permissions, the user or the
group can fully administer Exchange Server computer information. A user who has
Exchange Administrator permissions has the following rights:
Organization Rights:
* All permissions (except for Change permissions) on the MsExchConfiguration container (this object and its subcontainers).
* Deny Receive-As permissions and Send-As permissions on the Organization container (this object and its subcontainers).
Administrative Group Rights:
* Read, List object, and List contents permissions on the MsExchConfiguration container (this object only).
* Read, List object, and List contents permissions on the Organization container (this object and its subcontainers).
* All permissions (except for Change, Deny Send-As, and Deny Receive-As permissions) on the Administrator Group container (this object and its sub-containers).
* All permissions (except for Change permissions) on the Connections container (this object and its subcontainers).
* Read, List object, List contents, and Write properties permissions on the Offline Address Lists container (this object and its subcontainers).
Reference
Working with ActiveDirectory Permissions in Exchange Server2003