ADDelegates - Frequently asked questions and answers

Absolutely not!

ADDelegates adds configuration settings to Active Directory objects called displaySpecifiers.

You can read more about them here:
http://technet.microsoft.com/en-us/library/bb727026.aspx

You should provide the credentials of a Domain Admin or equivalent, in order to perform changes in the Configuration partition of Active Directory.

This partition holds the objects called displaySpecifiers (see previous question).

ADDelegates requires the credentials in order to make the required changes during setup.

The credentials are sent securely to the domain controller for authentication and are discarded immediately after the configuration changes.

The privileged user is required only once. In the first installation of ADDelegates, or when upgrading to a newer version.

ADDelegates as an application only requires that you have .NET Framework 2.0 or above installed and any version of Windows above and including Windows XP SP2 but it also relies on Exchange Web Services functionality which is only available in Exchange Server 2007 environments on the CAS server role.

To read more about EWS visit the following link: http://msdn.microsoft.com/en-us/library/bb408417.aspx

ADDelegates uses Exchange Web Services (see the previous question) to manage mailbox delegates.

To be able to manage mailboxes you have to be granted the Exchange Recipient Administrator role but that’s not enough.

To allow for complete mailbox delegation EWS requires that you hold a permission called ms-Exch-May-Impersonate and for the CAS server to hold another permission called ms-Exch-EPI-Impersonation.

To make things easier we’ve created a PowerShell GUI utility to grant these permissions easily and with no effort. The utility is available within the program Start menu folder and it is supplied with each download of ADDelegates.

Our provided PowerShell utility uses the Exchange Server 2007 Management Snap-In to grant the appropriate server and mailbox permissions.

That means you have to run it either directly from the Exchange 2007 Server or from any machine that has the Exchange Server 2007 Management Tools installed.

This is mostly caused by two reasons:

1. The credentials provided in the “Active Directory Authentication” screen during the installation were not privileged for the Configuration partition in Active Directory.
2. You’re not using the default Active Directory Users and Computers snap-in. If you’ve created custom management snap-ins, you might need to create them again.

The Exchange Server 2007 Management Tools can be installed individually directly from the Exchange 2007 DVD media.

If you want a 32bit version of the tools for your management workstation, you can download them directly from Microsoft at the following link:
http://www.microsoft.com/downloads/details.aspx?FamilyID=6be38633-7248-4532-929b-76e9c677e802&displaylang=en

As we’ve mentioned before, ADDelegates requires the managing users to have the Exchange Recipient Administrator role and the membership in this group is entirely up to the Exchange organization administrator.

The best about EWS impersonation is that it is valid only for EWS connections. It does not grant permission for MAPI connection (Outlook client) nor Outlook Web Access.

That means that ADDelegates does not require the managing user to have full mailbox access in order to configure delegate access !

ADDelegates relies on EWS and by default EWS in Exchange Server 2007 CAS has a 255 mailbox limit for single requests.

We’ve tried implementing a lot of features into ADDelegates so you don’t run into this limit but if you still do, here’s a link that explains all about it and a workaround:
http://msdn.microsoft.com/en-us/library/bb204081.aspx - read about the ConnectionPoolSize property in the EWS web.config file for a new maximum number of mailboxes that a single request can access.

Most of our tools are installed in secure server environments where Internet connectivity cannot be taken for granted.

That’s why we don’t provide any automatic updating functions in our products.

This might change in the future but for now all you have to do to find out if there is a new version available is to visit our website.

Customers who purchased our retail products are automatically added to our mailing list and receive email notifications about updates and news.

You can contact our sales department at This e-mail address is being protected from spambots. You need JavaScript enabled to view it .

They will consider each request and decide whether to provide you with a trial extension key.

ADDelegates uses a per user licensing method.

You have to purchase a single license for each user who is going to manage recipient mailboxes using ADDelegates.