I want to give permission to
User A only to create mailbox in exchange 2010, apart from creating mailbox user should not be able to make any changes to exchange server.
To do that, go to
Exchange
Management
Console...Toolbox...Role Based Access Control (RBAC)
You can either create new Role Group or use existing "Recipient Management" make sure you remove all other Assigned Roles except "Mail Recipient Creation" only in case you don't want user to create or do anything else as in my case.
Once it's done, log in to the exchange server and make sure you only see Organization Configuration and Recipient Configuration in Exchange Management Console.
In my case User A will be logging to the server through RDP not directly to the server. User A logged in to exchange server successfully and when he opened EMC, he got credential pop up, after entering the credentials, he go the below error message.
Technical it shouldn't give this error (as far as the exchange server permission concerns), but the error is talking about Windows and not Exchange. I checked UAC (User Access Control) and found that it was set to Always notify. I set it to Never notify (disable) and restarted the server.
After the restart, User A logged in to the server and now he can open the EMC successfully and can only see Organization and Recipient Configuration. Created few Test Mailbox and it worked like the way it should be.
Cheers,