Permissions required for mailbox moves


Beginning with Exchange Server 2003 SP1, there are two methods for moving mailboxes depending on the organization mode in which your Exchange environment is operating.

If you are in mixed mode, the Move Mailbox Task will present you with two options:

- Same Administrative Group Move

- Cross Administrative Group Move

If you are in native mode, you can move a mailbox within and between administrative groups.

Mixed Mode Cross Administrative Group Mailbox Move Permissions

To move mailboxes across the administrative group boundary while operating in mixed mode, the Exchange administrator must have:

- The Exchange delegated role, Exchange Administrator (or higher), on the source and destination administrative groups.

- If you are moving mailboxes from an Exchange 5.5 server, the Exchange delegated role, Admin (or higher), on the 5.5 site and configuration contexts that contain the mailboxes (this is granted through the Exchange 5.5 Administrator program).

- The Exchange delegated role, Exchange View Only Administrator (or higher), delegated at the organization level, so that the properties of the ADC Configuration Connection Agreements can be read to determine the target administrative group's responsible SRS.

- The Exchange delegated role, Admin (or higher) on the source 5.5 site and the 5.5 site that contains the target administrative group's SRS (this is granted through the Exchange 5.5 Administrator program).

The Exchange administrator must be a local administrator on the workstation used to perform the Move Mailbox task. In addition, the Exchange administrator must have Read and Write access to the following user or inetOrgPerson object attributes:

- homeMDB (Exchange Mailbox Store)

- homeMTA

- msExchHomeServerName (Exchange Home Server)

- targetAddress

- msExchADCGlobalNames

- proxyAddresses

- legacyExchangeDN

Mixed Mode Same Administrative Group and Native Mode Mailbox Move Permissions

To move mailboxes, the Exchange administrator must have the Exchange delegated role, Exchange Administrator (or higher), on the source and destination administrative groups.

The Exchange administrator must be a local administrator on the workstation used to perform the Move Mailbox task. In addition, the Exchange administrator must have Read and Write access to the following user or inetOrgPerson object attributes:

- homeMDB (Exchange Mailbox Store)

- homeMTA

- msExchHomeServerName (Exchange Home Server)

- targetAddress

- msExchOmaAdminWirelessEnable (This attribute is removed if you are moving a mailbox to a server running Exchange Server 5.5 or Exchange 2000 Server.)

- msExchOmaAdminExtendedSettings (This attribute is removed if you are moving a mailbox to a server running Exchange Server 5.5 or Exchange 2000 Server.)

- Ross Smith IV
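The two attribute lists above can be checked against the ACL of a real user object before a move account is put to use. The script below is an added example, not part of the original post or of any Exchange tooling: it reports, per attribute, whether one named principal holds Allow ACEs for both Read and Write. The DN and principal name are constructed placeholders, and the script assumes a domain-joined host; it only matches ACEs granted directly to that principal and does not evaluate nested group membership, Deny ACEs or property-set ACEs.

```powershell
# Added audit example. $UserDN and $Principal are constructed placeholders.
param(
    [string]$UserDN    = 'CN=Test User,OU=Staff,DC=example,DC=com',
    [string]$Principal = 'EXAMPLE\MailboxMovers',
    [switch]$CrossAdminGroup   # set for a mixed mode cross administrative group move
)

# Attribute lists as given on this page.
$required = @('homeMDB', 'homeMTA', 'msExchHomeServerName', 'targetAddress')
if ($CrossAdminGroup) {
    $required += @('msExchADCGlobalNames', 'proxyAddresses', 'legacyExchangeDN')
} else {
    $required += @('msExchOmaAdminWirelessEnable', 'msExchOmaAdminExtendedSettings')
}

# Resolve each attribute's schemaIDGUID; object-specific ACEs reference it.
$schemaNC = ([ADSI]'LDAP://RootDSE').schemaNamingContext
$searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$schemaNC")
$guidOf = @{}
foreach ($attr in $required) {
    $searcher.Filter = "(&(objectClass=attributeSchema)(lDAPDisplayName=$attr))"
    $hit = $searcher.FindOne()
    if (-not $hit) { throw "Attribute $attr not found in schema" }
    $guidOf[$attr] = New-Object Guid (, [byte[]]$hit.Properties['schemaidguid'][0])
}

# Explicit and inherited ACEs on the user object, with SIDs translated to account names.
$rules = ([ADSI]"LDAP://$UserDN").psbase.ObjectSecurity.GetAccessRules(
    $true, $true, [System.Security.Principal.NTAccount])

$rights      = [System.DirectoryServices.ActiveDirectoryRights]
$need        = [int]($rights::ReadProperty -bor $rights::WriteProperty)
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

foreach ($attr in $required) {
    $granted = 0
    foreach ($ace in $rules) {
        if ($ace.IdentityReference.Value -ne $Principal) { continue }
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.PropagationFlags -band $inheritOnly) { continue }  # not effective on this object
        # Guid.Empty means the ACE applies to all properties.
        if ($ace.ObjectType -eq $guidOf[$attr] -or $ace.ObjectType -eq [Guid]::Empty) {
            $granted = $granted -bor [int]$ace.ActiveDirectoryRights
        }
    }
    $ok = ($granted -band $need) -eq $need
    '{0,-34} {1}' -f $attr, $(if ($ok) { 'Read+Write' } else { 'MISSING' })
}
```

A principal that shows Read+Write on every line through an all-properties ACE holds more than the lists above require; scoping the grant to the listed attributes keeps the move account closer to least privilege.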
