How to allow people who aren't members of the Organization Management role group to install Exchange?
- Get link
- X
- Other Apps
Delegate the installation of an Exchange 2016 server
How to allow people who aren't members of the Organization Management role group to install Exchange?An Exchange administrator can provision a new server in Active Directory hours or even days before Exchange is installed on the new computer. After a server has been provisioned, the person doing the installation needs only to be a member of the Delegated Setup role group to install Exchange.
The Delegated Setup role group only allows members to install provisioned servers.
Normally, when Exchange is installed, the people installing Exchange need to be members of the Organization Management role group.
This is because when Exchange is installed, changes are made to Active Directory, and only Exchange administrators, who are members of the Organization Management role group, can make those changes. The following list shows the changes that are made:
- A server object is created in the CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<Root Domain> configuration partition.
- The following access control entries (ACEs) are added to the server object within the configuration partition for the Delegated Setup role group:
- Full Control on the server object and its child objects
- Deny access control entry for the Send As extended right
- Deny access control entry for the Receive As extended right
- Deny CreateChild and DeleteChild permissions for Exchange Public Folder Store objects
- The Active Directory computer account for the server is added to the Exchange Servers group.
- The server is added as a provisioned server in the Exchange Admin Center.
- At least one Exchange 2016 server has to already be installed before you can delegate the installation of additional servers. The person who installs the first server needs to be an Exchange administrator.
- A delegated user can't uninstall an Exchange server. To uninstall an Exchange server, you need to be an Exchange administrator.
The command that you need to use to provision the server depends on whether you're running Setup from the computer you're provisioning or whether you're running it from another computer. Choose the command in the following steps that matches where you're running Setup:
- Press the Windows key + 'R' to open the Run window.
- In Open, typecmd.exe, and then press Enter to open a Windows Command Prompt.
- If you're running Setup on the computer that's being provisioned, run the following command: Setup.exe /NewProvisionedServer /IAcceptExchangeServerLicenseTerms
- If you're running Setup on another computer, run the following command:
- Get link
- X
- Other Apps
Comments
Post a Comment