Exchange 2010/2013 Split Permissions

Hi Readers,

There is an interesting concept related to split permissions that has been introduced in Exchange 2010/2013.

Three Permissions Models are present:

  • Shared Permission Model
  • Split Permissions (Active Directory)
  • Split Permissions (RBAC)

By default Shared Permission Model is applied which means that either Active Directory or Exchange Management tools are used for creation of objects in AD. Role Groups Recipient Management and Organization Management have those rights.

Split Permissions (Active Directory)  Model brings the complete segregation between Exchange & Active Directory. Exchange Admins will  not be able to create AD Objects , There is no RBAC role for this.

Split Permissions (RBAC) Model modifies the existing Shared model & remove the permissions from exchange administrator role groups. Mail Recipient Creation & Security Group Creation and Membership role is removed from the Recipient Management and Organization Management role groups. AD administrators are provided RBAC for creating security principles, Exchange Administrators are able to modify exchange properties.


Tech Wizard



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s