This behavior is by design. It provides Exchange administrators the flexibility to manage attributes on Exchange Server objects that are consistent with their role as an Exchange administrator. In a split permissions configuration, Exchange Server applies a permissions model that does not grant servers the ability to create or modify security principals in the directory. This does not apply to the Active Directory Split Permissions model. This is done to make sure that the rights are passed on to all applicable objects.Įxchange Server does not currently make use of the Inherit Only flag when DACL propagation is evaluated. Because these objects can exist anywhere in the domain hierarchy, Exchange Server grants rights to servers that are running Exchange Server at the root of the domain. This includes the ability to modify Discretionary Access Control Lists (DACLs) in some instances.
Therefore, it must be able to modify attributes that are related to Exchange Server-enabled objects. This gives Exchange Server an elevated level of directory permission.Įxchange Server is a directory services-enabled application. You are running Exchange Server by using the Shared Permissions Model that is installed by default for Exchange Server.Īccess Control Entries are put into the Active Directory forest. Exchange Server 2010 Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 Tovább.
0 kommentar(er)
