Scott Schnoll posted on the Microsoft Exchange Team Blog the other day regarding the proper tools to use when managing an Exchange Server 2007 Cluster.
Yes, there is some confusion. If you research the topic on Microsoft’s website, documentation clearly says to use the Move-ClusteredMailboxServer cmdlet. Most of us in the industry just took that and ran with it. But, there is a problem here. Every other single application that runs on Windows Server 2003 server clustering can be fully managed using the Cluster Administrator tool or the cluster.exe command line. Exchange Server 2007 is a bit different when dealing with Clustered Continuous Replication (CCR).
Using the Cluster Administrator MMC, it is easy to properly delegate permissions so that operators and other non-administrators can perform basic tasks when managing clustered applications. The Exchange Server 2007 Management Shell (EMS), does not provide that ease of delegation. I can honestly say that I sure don’t want to be giving Exchange Administrator permissions to non-Exchange administrators. That is opening up a can of worms and it would be impossible to get them all back in again.
Please take a few minutes and read Scott’s blog. It is extremely helpful, but at the same time, it really underlines a serious management problem. He states, “One of the reasons we recommend using Exchange tools to manage clustered mailbox servers is that, while Exchange is cluster-aware, the cluster tools are not Exchange-aware.” I see a potential problem here for many organizations. There really isn’t a good way to delegate permissions to an operations type of team to allow them to do Exchange Server 2007 clustered mailbox moves without giving them too many other permissions in the Exchange environment.
Right now, I have to say that I am a bit peeved. OK, maybe that is too strong, but I am extremely concerned about how this should be best handled.