Question : Remove Domain admin rights from viewing mail boxes in Exchange 2007

I just took over this IT shop and found out that the Domain Admin account has the ability to send on behalf and view all mail boxes. Now when I go to remove the domain admin from the individual mail boxes that are domain admins they lose connection to the mail server and can't connect to their own personal mail boxes.

How do I remove the domain admin right to view all boxes and not cause the actual admin issues connecting to their own email boxes?
Thanks

Answer : Remove Domain admin rights from viewing mail boxes in Exchange 2007

You may be able to do this, depending upon how the rights were granted.  If the rights to send as and receive as for all mailboxes was set at the mailbox store level, you can remove these rights without affect the rights of admins to their individual mailboxes.  Here's how to check:

1.  Open the ESM.
2.  Go to View/Advanced Features - this will cause the security tab to appear on all Exchange containers.
3.  Drill down to the Mailbox Store level, right-click and go to Properties.
4.  Click the Security tab and click Advanced.  If the rights here are inherited, then you will have to go up at least one level to the Server level to edit the permissions.
5.  Once you find the correct level, where the permissions are NOT inherited, edit the permissions of the Domain Admins group and change the Send as and Receive as permission to Deny.  This is the way is it by default, but some admins (myself included) will for various reasons change this to allow admins to open everyone's mailbox.