Microsoft Subnet An independent Microsoft community View more

The Exchange Control Panel (ECP) in Exchange 2010

Performing Administrative Tasks in Outlook Web App

New to Exchange 2010 is the Exchange Control Panel, or ECP.  This is a component of Outlook Web App 2010 where an administrator can sit in their OWA screen and not only check their emails, calendar appointments, and contacts, but can perform administrative tasks.  So instead of the administrator having to find a computer and terminal server remote into a system to add a user, delete a user, make configuration changes in public folders, delegate administration or the like, the administrator can now run those tasks straight within OWA 2010.

The ECP is primarily targeted to be used by

End users—Personnel granted the authority to self-manage aspects of their accounts such as the ability to track messages they have sent and received, create and manage distribution lists, or edit aspects of their personal account information.

Hosted tenants—Tenant administrators for hosted customers.

Specialists—Personnel such as Help Desk operators, Department Administrators, and eDiscovery Administrators who have had the appropriate level of access delegated by administrators.

The ECP can be accessed through Outlook Web Access 2010 by logging into OWA and selecting the Options link. It can also be accessed directly via a URL which, by default, is located at   https://CASServerName/ecp

The Exchange Control Panel (ECP) is a web-based management console that can be accessed from web browsers that have no Exchange specific client-side software installed. It can be accessed from the same Internet browsers that are support the Outlook Web Access premium client—Internet Explorer 7+, Mozilla Firefox, and Apple Safari 3+. This AJAX-based application is built into the Client Access Server role in an Exchange environment and, although it shares some code with OWA, it is a separate application.

It is important to note the Exchange Control Panel is RBAC-aware, meaning that administrative options are available only to those who have the appropriate permissions to utilize them.  ECP can show a user logged in with full administrative access several administrative tasks (note the Select What to Manage option in the top-left corner and the Manage your Organization option in the bottom-right corner) which shows the same interface as viewed by a standard user.

By default, the standard user does have the ability to self-administer his account, as shown by the Edit link that when clicked allows the user to modify his Account Information. This default ability can be removed (or limited to certain fields only) using RBAC. For example

  • If a user has been restricted from message tracking, that button does not appear in the ECP.

  • If a user can edit mailboxes, but not create new ones, the New mailbox button will not display, but the Details button does.

  • If users are allowed to edit their department but not their display name, the display name is visible but grayed out and read-only.

After an administrator elects to manage My Organization, the four main components of the Exchange Control Panel display, as shown in 18.6. These components are:

  • UI Scope Control—At the top of the screen, identified by the text stating “elect What to Manage (and the drop-down box beside it), the UI Scope Control enables those with the appropriate RBAC permissions to select whether they want to manage themselves, their organization, or another user.

  • Primary Navigation Panel—To the left of the screen is the Primary Navigation panel, enabling the administrator to select which area of administration she wants to work with.

  • Secondary Navigation Panel—Next to the Primary Navigation Panel and identified by icons in the figure labeled Mailboxes, Groups, External Contacts, and so on, is the Secondary Navigation Panel, which enables the user to further specify the area to administer.

  • The Slab—At the bottom of the pane, identified in the figure by the list of Display Names and E-mail addresses, is the slab  the list of items that can be administered based on the preceding selections.

Creating a New Mailbox in the Exchange Control Panel

Creating a new mailbox in the Exchange Control Panel is so easy that it’s hardly worth the time to explain it. However, because the ECP is brand new, this section runs through the process to show how quick and easy it is.

To create a new mailbox user in the Exchange Control Panel, perform the following steps:

  1. Log in to the OWA server with administrative credentials.

  2. From the OWA page, select Options.

  3. Select Manage Your Organization.

  4. Ensure My Organization is selected in the UI Scope Control, Users & Groups is selected in the Primary Navigation Panel, and Mailboxes is selected in the Secondary Navigation Panel.

  5. Click the New Mailboxes icon.

  6. On the New Mailbox page, enter the information for the new account. Those marked with asterisks (*) are required fields. An example of the New Mailbox page

  7. When finished, click the Save button.

The ECP passes the information on to the CAS server, which, in turn, uses Remote PowerShell commands to perform the actual operation and create the account.

Creating Distribution Groups in the ECP

New in Exchange Server 2010 is the ability to create and manage distribution lists from within the Exchange Control Panel web interface.

Before we discuss the process, there are a few items to note:

  • Although both Mail Universal Distribution Groups and Mail Universal Security Groups are visible from within the ECP, there is no noticeable differentiation between the two.

  • All distribution groups created from within the ECP are created as Mail Universal Distribution Groups; there is no option to create a security group.

  • Dynamic Distribution Groups are not visible from within the ECP, nor can new ones be created there.

To create a new distribution group in the ECP, perform the following steps:

  1. Connect to the ECP by logging into OWA as an administrator and selecting the Options page, clicking Manage Your Organization, and selecting the Groups icon. Alternatively, you can go directly to https://{CAS server name}/ecp and authenticating through OWA.

  2. Under Groups, click the New button.

  3. In the New Group window complete the following fields:

  • Display Name—(Required)—This name must be unique in the domain. This is the name that displays in the address book and on the To: line when mail is sent to the group. The display name should be user-friendly to help people recognize the purpose or membership of the group

  • Alias—(Required)—This is the name portion of the e-mail address that appears to the left of the @ symbol. The alias must be unique in the domain and, because it is part of the e-mail address, cannot contain any spaces.

  • Description—(Not Required)—This description populates the Notes field for the object. This descriptive name can be viewed by employees who view the properties of the distribution list. If populated, the field should describe the purpose or membership of the group.

  • Ownership—(Required)—Owners can add members to the group, approve or reject requests to join, and approve or reject messages sent to the group.

By default, the person creating the group is added as a group owner. If an administrator creates the group at the request of an employee, the administrator can add the employee as an owner and then remove herself.

  • Membership—(Not Required)—By default, all group owners are added as group members. If this behavior is not desired, deselect the check box for this option. Add or remove members to the group as desired.

  • Membership Approval—(Required)—New to distribution groups in Exchange Server 2010 is the ability for users to self-manage their distribution lists, joining those that interest them and leaving those that don’t.

During the creation of the distribution group using the ECP, the following options are available:

  • Owner Approval—Open—Anyone can join the group without being approved by the group owners.

  • Owner Approval—Closed—Members can be added only by the group owners. All requests to join will be rejected automatically.

  • Owner Approval—Owner Approval—All requests are approved or rejected by the group owners.

  • Group Open to Leave—Open—Anyone can leave the group without being approved by the group owners.

  • Group Open to Leave—Closed—Members can be removed only by the group owners. All requests to leave will be rejected automatically.

After all fields have been populated and all options selected, click Save to create the distribution group.

Insider Shootout: Best security tools for small business
Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies