Exchange Administration Delegation

In many cases, the people that will be administering your users will not be domain level administrators - they will have reduced rights to specifically admin certain areas such as account creation et al rather than the entire domain.

In this case, I added certain users to the Account Operators built in group, which grants them the rights to admin accounts but not carry out certain other tasks. However, they will not be able to carry out Exchange mailbox administration tasks by default, so you need to delegate these rights.

In Exchange System Manager -

1. Right Click the node at the top of the tree, which should read SOMETHING (Exchange)
2. Choose 'Delegate Control'
3. Click Next
4. Click Add
   
5. Choose the AD Group you wish to delegate control to, and choose the 'Exchange View Only Admin' role
6. Click Next until you finish

This will delegate enough privileges to the selected group to allow mailbox administration, but limit the user in what they can do within your AD structure and also within the Exchange server as well.

UPDATE: Microsoft have identified a problem with permissions when adding email addresses to users through the AD Users and Computers snap in - the users have to either be a member of the Local Admins group on the Exchange server, or if this is not possible then you have to grant the Account Operators built in group read and write permissions to the Microsoft Exchange System Attendant Service. See this Microsoft KB article - http://support.microsoft.com/?id=905809