You are here: Home / Tutorials / Delegating Setup for Exchange Server 2010 Installation

Delegating Setup for Exchange Server 2010 Installation

December 10, 2009 by 2 Comments

Exchange Server 2010 allows an administrator to provision a new Exchange server and then delegate the actual setup of that server to another account.  This is useful in scenarios such as large organizations where the Exchange administrators want to delegate the installation of Exchange to a branch site administrator or an outside contractor.

You cannot delegate the setup of the first Exchange server in the organization, but you can delegate the setup of any further Exchange servers that are being deployed.

Thanks to Exchange 2010′s Role-Based Access Control (RBAC) there is a built-in group for delegating setup of pre-provisioned servers, named the “Delegated Setup” role group.  By default this group has no members.

[PS] C:\>Get-RoleGroupMember "Delegated Setup"
[PS] C:\>

Add a user to this role group to allow them to install provisioned servers.

[PS] C:\>Add-RoleGroupMember "Delegated Setup" -Member paul

[PS] C:\>Get-RoleGroupMember "Delegated Setup"

Name                                                        RecipientType
----                                                        -------------
Paul Cunningham                                             User

Members of this role group can install provisioned servers but not configure or manage them. For those tasks they would also need to be added to the “Server Management” role group.

Now the new Exchange server can be provisioned by an Exchange administrator using Setup.com and the /NewProvisionedServer parameter.

[PS] C:\>setup.com /NewProvisionedServer:ex2.exchangeserverpro.local

Welcome to Microsoft Exchange Server 2010 Unattended Setup

Preparing Exchange Setup

No server roles will be installed

Performing Microsoft Exchange Server Prerequisite Check

    Organization Checks              ......................... COMPLETED

Configuring Microsoft Exchange Server

    Provisioning a new server        ......................... COMPLETED

The Microsoft Exchange Server setup operation completed successfully.

The new server has now been provisioned in Active Directory but not actually installed.

adsiedit

Now the account that was made a member of the “Delegated Setup” role group can deploy the new server by running Setup as normal (Note: they will still need to be a local administrator on the server to install the pre-requisites and the Exchange Server application itself).

Filed Under: Tutorials Tagged:

About Paul Cunningham

Paul is a Microsoft Exchange Server MVP and publisher of Exchange Server Pro. He also holds several Microsoft certifications including for Exchange Server 2007, 2010 and 2013. Connect with Paul on Twitter and Google+.

Comments

  1. Mustafa says:
    February 2, 2010 at 1:44 am

    Hi Paul,

    we use Microsoft Provisioning System (MPS) to provision the mail domains between different business organizations on the same Exchange machine (Exchange Server 2003). Has the new provision feature of Exchange Server 2010 the same or better options than MPS? You mean perhaps, we don’t need any more MPS for provisioning?

    Best Regards
    Mustafa

    Reply

Leave a Comment

*

We are an Authorized DigiCert™ SSL Partner.
Loading...

Still running Exchange 2003? Time to get moving and start your upgrade. Find out how - Click Here