Outlook Web App > For Exchange Online Administrators > Assign Roles and Permissions in Exchange Online > Administrator Role Groups in Exchange Online >

Give Users the Ability to Reset Passwords in Live@edu

Applies to: Live@edu

Topic Last Modified: 2010-05-24

 

Wouldn't it be great if you could give help desk personnel permission to reset forgotten passwords without giving them access to other administrative functionality in your organization? You have several options:

  • Add the help desk personnel to the Help Desk role group   By default, the Reset Password role is assigned to the Help Desk role group. But note: the Help Desk role group includes these additional roles:
    • User Options   This role allows users to access the Options page of other users for troubleshooting purposes. Here's how: Access Another User's Options Page
    • View-Only Recipients   This role allows the user to see the configuration of all mailboxes, mail users, mail contacts, groups, and dynamic distribution groups. The help desk personnel can see the object configurations, but they can't modify anything.

If this additional scope works for your organization, you don't have to do anything else.

Too much power?

What if you think that the additional roles give too much power to the help desk personnel? You have these options:

Add the help desk personnel to the Help Desk role group

  1. In the Exchange Control Panel, select Manage My Organization > Roles & Auditing > Administrator Roles.
  2. Select the Help Desk role group, and then click Details.
  3. Under Members, click Add.
  4. In the Select Members dialog box, select one or more users. You can search for users by typing all or part of a display name, and then clicking Search icon. You can also sort the list by clicking the Display Name or E-Mail Address column headings.
  5. Click Add.
  6. Click OK to return to the role group page.
  7. Click Save to save the change to the role group.

The new member is displayed under Members in the details pane for the selected role group.

Back to top

Optional step: Remove the extra roles from the Help Desk role group

  1. Select Manage My Organization > Roles & Auditing > Administrator Roles.
  2. Select the Help Desk role group, and then click Details.
  3. Under Roles, select User Options, and click Remove. Then select View-Only Recipients and click Remove.
  4. Click Save to save the changes to the role group.

Back to top

Assign the Help Desk role to a new role group

  1. Select Manage My Organization > Roles & Auditing > Administrator Roles.
  2. Click New.
  3. Enter the following information:
    • Name   For example, "Custom Reset Passwords".
    • Description   For example, "A custom role group created to allow users to reset passwords only".
    • Roles   Click Add, select Reset Password, click Add, and click OK.
    • Members   Click Add, select the users, click Add, and click OK.
  4. Click Save.

When users are added to the role group, they can reset users' passwords.

Back to top

Next steps