In some cases you would like to delegate your trustee permissions (Access Templates) to create Active Directory users and groups, but you would like to deny them to create a mailbox.
ActiveRoles Server does not have built-in Access Templates that you could use to delegate trustee to perform user and group creation without the ability to establish a n Exchange mailbox.
Create a custom Access Template where you should specify set deny on “edsaIsMsExchangePresent” attribute.
To create such an AT follow steps below:
NOTE: When this AT delegated to trustee for creating a new user account without having permissions to create a mailbox “Exchange Mailbox AutoProvisioning” policy object MUST be configured and applied to OU where delegated users should create Active Directory users and groups. Exchange Mailbox AutoProvisioning policy object should be configured NOT to create user mailbox by default. How to configure this option, please see below: