|
exchange
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Exchange 2007 in a different Admin Group?We have a mixed 2003 and 2007 Exchange Org. When adding Exchange 2007 to an
original 2003 Org it adds it's Exchange Administrative Group with all the 2007 servers in it. Can an Exchange 2007 server once loaded be moved to an existing 2003 Admin group or have another group created and move it as a single server into that one group with only 2007 servers? Essentially want to grant some rights to the admin group but not include all 2007 Exchange servers in that same group. - No, you cannot move between Administrative Groups (in Exchange Server
2003/2000) - need to uninstall Exchange and resinstall it. - In Exchange Server 2007, there are no Administrative Groups on the surface. Under the hood you will see all Exchange 2007 servers in one AG - this is for backward compatiblity with 2000/2003. Exchange Server 2007 servers should not be moved out of the AG and RG they are in. This isn't possible to do using any of the admin tools (EMC/EMS/Ex2003 ESM) either. -- Bharat Suneja MVP - Exchange www.zenprise.com NEW blog location: exchangepedia.com/blog ---------------------------------------------- Show quote "Transam388" <Transam***@discussions.microsoft.com> wrote in message news:92CDEF08-8637-489A-9E97-55BC32707EF0@microsoft.com... > We have a mixed 2003 and 2007 Exchange Org. When adding Exchange 2007 to > an > original 2003 Org it adds it's Exchange Administrative Group with all the > 2007 servers in it. Can an Exchange 2007 server once loaded be moved to > an > existing 2003 Admin group or have another group created and move it as a > single server into that one group with only 2007 servers? Essentially > want > to grant some rights to the admin group but not include all 2007 Exchange > servers in that same group. Also important to note, Exchange Server 2007 does not use Administrative
Groups for admin purposes or to assign permissions. Changes in the Administration and Permissions Model http://technet.microsoft.com/en-us/library/bb266972.aspx Permission Considerations http://technet.microsoft.com/en-us/library/2964c198-e624-46a1-ad3b-2e4f529466e3.aspx -- Bharat Suneja MVP - Exchange www.zenprise.com NEW blog location: exchangepedia.com/blog ---------------------------------------------- Show quote "Bharat Suneja [MVP]" <bharat@nospam.org> wrote in message news:OoCLCcnFIHA.3672@TK2MSFTNGP02.phx.gbl... >- No, you cannot move between Administrative Groups (in Exchange Server >2003/2000) - need to uninstall Exchange and resinstall it. > - In Exchange Server 2007, there are no Administrative Groups on the > surface. Under the hood you will see all Exchange 2007 servers in one AG - > this is for backward compatiblity with 2000/2003. Exchange Server 2007 > servers should not be moved out of the AG and RG they are in. This isn't > possible to do using any of the admin tools (EMC/EMS/Ex2003 ESM) either. > -- > Bharat Suneja > MVP - Exchange > www.zenprise.com > NEW blog location: > exchangepedia.com/blog > ---------------------------------------------- > > > "Transam388" <Transam***@discussions.microsoft.com> wrote in message > news:92CDEF08-8637-489A-9E97-55BC32707EF0@microsoft.com... >> We have a mixed 2003 and 2007 Exchange Org. When adding Exchange 2007 to >> an >> original 2003 Org it adds it's Exchange Administrative Group with all the >> 2007 servers in it. Can an Exchange 2007 server once loaded be moved to >> an >> existing 2003 Admin group or have another group created and move it as a >> single server into that one group with only 2007 servers? Essentially >> want >> to grant some rights to the admin group but not include all 2007 Exchange >> servers in that same group. > On Wed, 24 Oct 2007 12:27:03 -0700, Transam388
<Transam***@discussions.microsoft.com> wrote: >We have a mixed 2003 and 2007 Exchange Org. When adding Exchange 2007 to an No. Exchange 2007 doesn't have admin groups. Leave them alone and use>original 2003 Org it adds it's Exchange Administrative Group with all the >2007 servers in it. Can an Exchange 2007 server once loaded be moved to an >existing 2003 Admin group or have another group created and move it as a >single server into that one group with only 2007 servers? Essentially want >to grant some rights to the admin group but not include all 2007 Exchange >servers in that same group. two admin models until you migrate away. It's only an admin group as seen from 2003. Once you don't have any 2003 servers you won't "see" any AG. Well this is really the issue. We have gotten an email compliance package
that states it works in a 2003 / 2007 mixed environment. We have our original admin group with our 2003 servers in it but we are migrating to 2007 and hence the other 2007 AG. Now they claim they need full admin rights on the Admin group that the server sits in. There is no way our organization will let that happen and that is why I asked if it was possible to move. Thanks for your replies!! Not what I wanted to hear but at least it answers the question. Show quote "Mark Arnold [MVP]" wrote: > On Wed, 24 Oct 2007 12:27:03 -0700, Transam388 > <Transam***@discussions.microsoft.com> wrote: > > >We have a mixed 2003 and 2007 Exchange Org. When adding Exchange 2007 to an > >original 2003 Org it adds it's Exchange Administrative Group with all the > >2007 servers in it. Can an Exchange 2007 server once loaded be moved to an > >existing 2003 Admin group or have another group created and move it as a > >single server into that one group with only 2007 servers? Essentially want > >to grant some rights to the admin group but not include all 2007 Exchange > >servers in that same group. > > No. Exchange 2007 doesn't have admin groups. Leave them alone and use > two admin models until you migrate away. > It's only an admin group as seen from 2003. > Once you don't have any 2003 servers you won't "see" any AG. > On Wed, 24 Oct 2007 13:13:01 -0700, Transam388
<Transam***@discussions.microsoft.com> wrote: >Well this is really the issue. We have gotten an email compliance package Then you are dealing with a bunch of muppets at the compliance package>that states it works in a 2003 / 2007 mixed environment. We have our >original admin group with our 2003 servers in it but we are migrating to 2007 >and hence the other 2007 AG. Now they claim they need full admin rights on >the Admin group that the server sits in. There is no way our organization >will let that happen and that is why I asked if it was possible to move. >Thanks for your replies!! Not what I wanted to hear but at least it answers >the question. > >"Mark Arnold [MVP]" wrote: vendor. Who is it? Let's see if we can't put them right. Well I don't want to cause trouble but this is with Mimosa and the product is
Nearpoint. To me way to many products are now wanting keys to the kingdom instead of actually being security aware and allowing just one server to be managed even when in a group of other servers. My other issue is just how these rights somehow always seem to be stated as a "No problem" when talking to companies before buying and then it comes to a "Oh yea, you can load it but 3/4 of it won't work now". Show quote "Mark Arnold [MVP]" wrote: > On Wed, 24 Oct 2007 13:13:01 -0700, Transam388 > <Transam***@discussions.microsoft.com> wrote: > > >Well this is really the issue. We have gotten an email compliance package > >that states it works in a 2003 / 2007 mixed environment. We have our > >original admin group with our 2003 servers in it but we are migrating to 2007 > >and hence the other 2007 AG. Now they claim they need full admin rights on > >the Admin group that the server sits in. There is no way our organization > >will let that happen and that is why I asked if it was possible to move. > >Thanks for your replies!! Not what I wanted to hear but at least it answers > >the question. > > > >"Mark Arnold [MVP]" wrote: > > Then you are dealing with a bunch of muppets at the compliance package > vendor. Who is it? Let's see if we can't put them right. > On Wed, 24 Oct 2007 13:54:02 -0700, Transam388
<Transam***@discussions.microsoft.com> wrote: >Well I don't want to cause trouble but this is with Mimosa and the product is Nah. Someone is leading you slightly astray. Do you want to email me>Nearpoint. > >To me way to many products are now wanting keys to the kingdom instead of >actually being security aware and allowing just one server to be managed even >when in a group of other servers. My other issue is just how these rights >somehow always seem to be stated as a "No problem" when talking to companies >before buying and then it comes to a "Oh yea, you can load it but 3/4 of it >won't work now". your details and I think I can get someone to give you the correct scoop. Fret not, it'll come right. Thanks a TON! Email has been sent.
Show quote "Mark Arnold [MVP]" wrote: > On Wed, 24 Oct 2007 13:54:02 -0700, Transam388 > <Transam***@discussions.microsoft.com> wrote: > > >Well I don't want to cause trouble but this is with Mimosa and the product is > >Nearpoint. > > > >To me way to many products are now wanting keys to the kingdom instead of > >actually being security aware and allowing just one server to be managed even > >when in a group of other servers. My other issue is just how these rights > >somehow always seem to be stated as a "No problem" when talking to companies > >before buying and then it comes to a "Oh yea, you can load it but 3/4 of it > >won't work now". > > Nah. Someone is leading you slightly astray. Do you want to email me > your details and I think I can get someone to give you the correct > scoop. > Fret not, it'll come right. > > Having seen your email and the documentation and for the benefit of
people who do a search for Mimosa and Nearpoint and documentation: I don't think 4.9.1 para 1 needs to be Organization wide. You should try it by server and see what functionality drops off, if any. You don't need to do anything with 4.9.2. So all I see is a disagreement between the documentation saying it's an Org wide change and the probability that a server change needs to be done. Worst case this is fixed easily by denying the ability of the service account to log onto the Exchange servers you're not protecting. Pretty easy from where I sit and a non issue. The vendors aren't muppets but the documentation could be a little less cluttered. Anyway, just sit tight and the guy I've sent your message to will come through to you with the genuine scoop.  |
|||||||||||||||||||||||
Other interesting topics