I am on a quest to discover what the most stringent AD permissions I can grant to people are, and right now I am working through the process of granting the user administration team the right to manage granting the Exchange rights "Send As" and "Full Access" for user mailboxes.
There is a shockingly light amount of information about this on the Internet. The Exchange blogs seem to focus on granting wide and generous permissions.
One thing that makes this a bit more complicated for us is that we have moved our AD administration into Quest ActiveRoles, while our Exchange administration is still in Active Directory.
At this point, the best I have found is that, to grant the ability to Send As, what seems to work is to make the administrator a member of the "Exchange Recipient Administrators" group and to grant that group the "modify permissions" right on the AD user objects.
I have a feeling there is a stricter right that can be applied but I have not found it yet.
I am still on the search for the ability to grant the "full access" rights.... One day!!!
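To see how broad the delegation described above is on each user object, the following added example (not part of the original post) reads every user's ACL and reports whether the group holds "modify permissions" (`WriteDacl` in AD terms, which allows rewriting the whole ACL) or only the "Send As" extended right. The OU path is a constructed placeholder and the function name is hypothetical; the script assumes the RSAT ActiveDirectory module and only reads ACLs.

```powershell
# Added example, not from the original post. Read-only audit.
Import-Module ActiveDirectory

# Assumptions: placeholder OU/domain; the group name is the one named in the post.
$SearchBase = 'OU=Staff,DC=example,DC=com'      # constructed placeholder
$GroupName  = 'Exchange Recipient Administrators'

# rightsGuid of the "Send As" extended right in the AD schema.
$SendAsGuid = [Guid]'ab721a54-1e2f-11d0-9819-00aa0040529b'
$ADRights   = [System.DirectoryServices.ActiveDirectoryRights]

# Hypothetical helper: classify the Allow ACEs a principal holds on one object.
function Get-MailboxDelegationAce {
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [Parameter(Mandatory)][string]$Principal
    )
    $acl = Get-Acl -Path "AD:\$DistinguishedName"
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.IdentityReference.Value -notlike "*\$Principal") { continue }

        $finding = $null
        if ($ace.ActiveDirectoryRights -band $ADRights::WriteDacl) {
            # Also matches GenericAll, which includes the WriteDacl bit.
            $finding = 'WriteDacl (modify permissions): can rewrite the object ACL'
        }
        elseif ($ace.ActiveDirectoryRights -band $ADRights::ExtendedRight) {
            if ($ace.ObjectType -eq $SendAsGuid) {
                $finding = 'Send As extended right only'
            }
            elseif ($ace.ObjectType -eq [Guid]::Empty) {
                # An empty ObjectType means every extended right on the object.
                $finding = 'All extended rights (includes Send As)'
            }
        }
        if ($finding) {
            [pscustomobject]@{
                User      = $DistinguishedName
                Principal = $ace.IdentityReference.Value
                Finding   = $finding
                Inherited = $ace.IsInherited
            }
        }
    }
}

Get-ADUser -Filter * -SearchBase $SearchBase |
    ForEach-Object { Get-MailboxDelegationAce -DistinguishedName $_.DistinguishedName -Principal $GroupName } |
    Sort-Object Finding, User | Format-Table -AutoSize
```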