Configuring role-based access control
In the early days, securing access to Exchange was relatively easy: either you had permissions to make configuration changes or you did not. The problem with this model is that you don't have a very granular way of deciding who can do what. In smaller environments where there's a single person or team managing everything from AD to Exchange, this approach would probably work pretty well. However, larger environments often have different teams managing different parts of the infrastructure. Especially when the AD admin isn't the one who also manages Exchange, having too many permissions could become a problem.
Previously, when the management of Active Directory and Exchange were split across different persons or teams, one had to use delegation of permissions in Active Directory to make this work. For those who have worked with delegation in Active Directory: it isn't very easy and requires a lot of planning to set up and work to maintain.
This is where...
