![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 4%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESA%3C/text%3E%3C/svg%3E)
7,925 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 22%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKY%3C/text%3E%3C/svg%3E)
Hi @Shafaqat Ali,
Now we need to create the admin who can create and see just a users for the domain he is assigned to
If in Active Directory you have four separate organization units for each of these domains, in Exchange you can refer to the following documentation to create a custom scope to only allow the admin to be able to manage one specific organization unit:
Understanding management role scopes
However, to my knowledge it may not be possible to restrict admins from seeing other domains' users, but they will have no permission to manage these users.
Below is an example:
1.create a custom scope to only allow writing to the domain1 OU
2.create a role group and select this scope, add Mail Recipient creation role to allow creating mailboxes, add an admin to this group
3.when this admin tries to create a mailbox in other OU than the domain1 OU, he gets an error that this is out of his write scope
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.