From: Transam388 on 6 Jan 2010 11:56
Did not see quite where this might fit in the security area so will post here.
This is the deal. We have one of those domains that is just so locked down
that many common operations such as editing user attributes or SMTP address
cannot be done when a user account is moved outside our particular OU. We
have an OU where our division has rights and we can do what we need. Now
what goes on is users are moved out of our OU yet still have a mailbox on our
Exchange 2007 server and many times I need to make changes yet am unable to.
Is there a way to basically set a secuirty policy that would allow our OU
admins to edit user accounts / mailbox attributes for any user regardless of
what OU they are in if that user has a mailbox located on a specific Exchange
server located in our OU?
Caveat being if there is no mailbox on an Exchange system in our particular
OU the original security should stay in place and we cannot edit those users.
So, user mailbox on our Exchange allow edit any user regardless of OU.
If no mailbox on our Exchange and user ID is outside our OU original
security stays as it was.