How-to: Delegate permissions to only create Exchange resource mailboxes using ActiveRoles Server
In order to create Exchange resource mailboxes, users must be granted the ability to create user accounts and manage Exchange resource mailboxes, which includes creation. This can be acheived by applying the following ActiveRoles Server Access Templates:
* Users - Create User Accounts
* Exchange - Manage Resource, Linked, and Shared Mailboxes
There are two built-in ActiveRoles Server templates that will provide the restricted ability to only create Resource Mailboxes in a targeted location.
In ActiveRoles Server, navigate to the OU that requires the delegation (i.e. Active Directory | mydomain.com | MyOU)
Step 1: Right-click the OU and click Delegate Control
Step 2: Click Add
Step 3: Click Next and then click Add
Step 4: Select the users, groups or OUs to delegate the control to; then click Add, then OK
Step 5: Click Next to select the Access Templates
Step 6: Expand Active Directory, scroll down and select "Users - Create User Accounts" (NOTE: Do NOT click Next)
Step 7: Scroll down | expand Exchange | select "Exchange - Manage Resource, Linked and Shared Mailboxes"
Step 8: Click Next and then click Next again on Inheritance Options
Step 9: Select "Propagate permissions to Active Directory" if applicable and then click Next
Step 10: Click Finish and then OK
Have the delegated user confirm Exchange Resource Mailbox creation.