Assign rbac to specific group does not take affect.

Status
Not open for further replies.
D

dingel

Hi All

I need to give my exchange admins the abillity to forward mail to other users.

i have tried to add the managmententry to a custom roll i made but it looks like dont having the affect.

this is the managment role entries after i customized it:

Name Role Parameters
---- ---- --------
Set-Mailbox Mail Recipients(Custom) {DeliverToMailboxAndForward, ForwardingAddress}
Connect-Mailbox Mail Recipients(Custom) {ActiveSyncMailboxPolicy, Alias, Archive, Confirm...}
Disable-InboxRule Mail Recipients(Custom) {Confirm, Debug, DomainController, ErrorAction...}
Disable-MailContact Mail Recipients(Custom) {Confirm, Debug, DomainController, ErrorAction...}
Disable-MailUser Mail Recipients(Custom) {Confirm, Debug, DomainController, ErrorAction...}
Disable-Mailbox Mail Recipients(Custom) {Arbitration, Archive, Confirm, Debug...}
Disable-ServiceEmailChannel Mail Recipients(Custom) {Confirm, Debug, DomainController, ErrorAction...}
Enable-InboxRule Mail Recipients(Custom) {Confirm, Debug, DomainController, ErrorAction...}
Enable-MailContact Mail Recipients(Custom) {Alias, Confirm, Debug, DisplayName...}
Enable-MailUser Mail Recipients(Custom) {Alias, Confirm, Debug, DisplayName...}
Enable-Mailbox Mail Recipients(Custom) {ActiveSyncMailboxPolicy, Alias, Arbitration, Archive...}
Enable-ServiceEmailChannel Mail Recipients(Custom) {Confirm, Debug, DomainController, ErrorAction...}
Get-ADServerSettings Mail Recipients(Custom) {Debug, ErrorAction, ErrorVariable, OutBuffer...}
Get-AcceptedDomain Mail Recipients(Custom) {DomainController, ErrorAction, ErrorVariable, Identity...}
Get-ActiveSyncDevice Mail Recipients(Custom) {Debug, DomainController, ErrorAction, ErrorVariable...}
Get-ActiveSyncDeviceAccessRule Mail Recipients(Custom) {Debug, DomainController, ErrorAction, ErrorVariable...}
Get-ActiveSyncDeviceStatistics Mail Recipients(Custom) {Debug, DomainController, ErrorAction, ErrorVariable...}
Get-ActiveSyncMailboxPolicy Mail Recipients(Custom) {Debug, DomainController, ErrorAction, ErrorVariable...}
Get-ActiveSyncOrganizationS... Mail Recipients(Custom) {Debug, DomainController, ErrorAction, ErrorVariable...}
Get-CASMailbox Mail Recipients(Custom) {Anr, Credential, Debug, DomainController...}
Get-CalendarNotification Mail Recipients(Custom) {Credential, Debug, DomainController, ErrorAction...}
Get-CalendarProcessing Mail Recipients(Custom) {Anr, ErrorAction, ErrorVariable, Filter...}
Get-Contact Mail Recipients(Custom) {Anr, Credential, Debug, DomainController...}
Get-DomainController Mail Recipients(Custom) {Credential, Debug, DomainName, ErrorAction...}
Get-InboxRule Mail Recipients(Custom) {Debug, DescriptionTimeFormat, DescriptionTimeZone, DomainController...}
Get-LogonStatistics Mail Recipients(Custom) {Database, Debug, DomainController, ErrorAction...}
Get-MailContact Mail Recipients(Custom) {Anr, Credential, Debug, DomainController...}
Get-MailUser Mail Recipients(Custom) {Anr, Credential, Debug, DomainController...}
Get-Mailbox Mail Recipients(Custom) {Anr, Credential, Debug, DomainController...}
Get-MailboxAutoReplyConfigu... Mail Recipients(Custom) {Credential, Debug, DomainController, ErrorAction...}
Get-MailboxCalendarConfigur... Mail Recipients(Custom) {Debug, DomainController, ErrorAction, ErrorVariable...}
Get-MailboxCalendarFolder Mail Recipients(Custom) {Debug, DomainController, ErrorAction, ErrorVariable...}
Get-MailboxDatabase Mail Recipients(Custom) {Debug, DomainController, DumpsterStatistics, ErrorAction...}
Get-MailboxFolderPermission Mail Recipients(Custom) {Debug, DomainController, ErrorAction, ErrorVariable...}
Get-MailboxFolderStatistics Mail Recipients(Custom) {Debug, DomainController, ErrorAction, ErrorVariable...}
Get-MailboxJunkEmailConfigu... Mail Recipients(Custom) {Credential, Debug, DomainController, ErrorAction...}
Get-MailboxMessageConfigura... Mail Recipients(Custom) {Credential, Debug, DomainController, ErrorAction...}
Get-MailboxPermission Mail Recipients(Custom) {Credential, Debug, DomainController, ErrorAction...}
Get-MailboxRegionalConfigur... Mail Recipients(Custom) {Debug, DomainController, ErrorAction, ErrorVariable...}
Get-MailboxSpellingConfigur... Mail Recipients(Custom) {Debug, DomainController, ErrorAction, ErrorVariable...}
Get-MailboxStatistics Mail Recipients(Custom) {Archive, Database, Debug, DomainController...}
Get-ManagementRoleAssignment Mail Recipients(Custom) {AssignmentMethod, ConfigScopeRestriction, ConfigScopeRestrictionType, ConfigWriteScope...}
Get-MessageCategory Mail Recipients(Custom) {Debug, DomainController, ErrorAction, ErrorVariable...}
Get-MessageClassification Mail Recipients(Custom) {Debug, DomainController, ErrorAction, ErrorVariable...}
Get-OfflineAddressBook Mail Recipients(Custom) {Debug, DomainController, ErrorAction, ErrorVariable...}
Get-OrganizationalUnit Mail Recipients(Custom) {Debug, DomainController, ErrorAction, ErrorVariable...}
Get-OwaMailboxPolicy Mail Recipients(Custom) {Debug, DomainController, ErrorAction, ErrorVariable...}
Get-PhysicalAvailabilityReport Mail Recipients(Custom) {DailyStatistics, Database, Debug, DomainController...}
Get-Recipient Mail Recipients(Custom) {Anr, BookmarkDisplayName, ErrorAction, ErrorVariable...}
Get-ResourceConfig Mail Recipients(Custom) {Debug, DomainController, ErrorAction, ErrorVariable...}
Get-RoleAssignmentPolicy Mail Recipients(Custom) {Debug, DomainController, ErrorAction, ErrorVariable...}
Get-SecurityPrincipal Mail Recipients(Custom) {Debug, DomainController, ErrorAction, ErrorVariable...}
Get-ServiceAvailabilityReport Mail Recipients(Custom) {DailyStatistics, Debug, DomainController, EndDate...}
Get-ServiceStatus Mail Recipients(Custom) {Debug, DomainController, ErrorAction, ErrorVariable...}
Get-TextMessagingAccount Mail Recipients(Custom) {Credential, Debug, DomainController, ErrorAction...}
Get-Trust Mail Recipients(Custom) {Debug, DomainName, ErrorAction, ErrorVariable...}
Get-User Mail Recipients(Custom) {Anr, Credential, Debug, DomainController...}
Get-UserPrincipalNamesSuffix Mail Recipients(Custom) {Debug, ErrorAction, ErrorVariable, OrganizationalUnit...}
New-InboxRule Mail Recipients(Custom) {ApplyCategory, BodyContainsWords, Confirm, CopyToFolder...}
New-OwaMailboxPolicy Mail Recipients(Custom) {Confirm, Debug, DomainController, ErrorAction...}
Remove-ActiveSyncDevice Mail Recipients(Custom) {Confirm, Debug, DomainController, ErrorAction...}
Remove-InboxRule Mail Recipients(Custom) {Confirm, Debug, DomainController, ErrorAction...}
Remove-OwaMailboxPolicy Mail Recipients(Custom) {Confirm, Debug, DomainController, ErrorAction...}
Set-ADServerSettings Mail Recipients(Custom) {ConfigurationDomainController, Confirm, Debug, ErrorAction...}
Set-CASMailbox Mail Recipients(Custom) {ActiveSyncAllowedDeviceIDs, ActiveSyncBlockedDeviceIDs, ActiveSyncDebugLogging, ActiveSyncEnabled...}
Set-CalendarProcessing Mail Recipients(Custom) {AddAdditionalResponse, AdditionalResponse, AddNewRequestsTentatively, AddOrganizerToSubject...}
Set-Contact Mail Recipients(Custom) {AssistantName, City, Company, Confirm...}
Set-InboxRule Mail Recipients(Custom) {ApplyCategory, BodyContainsWords, Confirm, CopyToFolder...}
Set-LinkedUser Mail Recipients(Custom) {AllowUMCallsFromNonUsers, AssistantName, CertificateSubject, City...}
Set-MailContact Mail Recipients(Custom) {AcceptMessagesOnlyFrom, AcceptMessagesOnlyFromDLMembers, AcceptMessagesOnlyFromSendersOrMembers, Alias...}
Set-MailUser Mail Recipients(Custom) {AcceptMessagesOnlyFrom, AcceptMessagesOnlyFromDLMembers, AcceptMessagesOnlyFromSendersOrMembers, Alias...}
Set-MailboxAutoReplyConfigu... Mail Recipients(Custom) {AutoReplyState, Confirm, Debug, DomainController...}
Set-MailboxCalendarConfigur... Mail Recipients(Custom) {Confirm, Debug, DefaultReminderTime, DomainController...}
Set-MailboxCalendarFolder Mail Recipients(Custom) {Confirm, Debug, DetailLevel, DomainController...}
Set-MailboxJunkEmailConfigu... Mail Recipients(Custom) {BlockedSendersAndDomains, Confirm, ContactsTrusted, Debug...}
Set-MailboxMessageConfigura... Mail Recipients(Custom) {AfterMoveOrDeleteBehavior, AlwaysShowBcc, AlwaysShowFrom, AutoAddSignature...}
Set-MailboxRegionalConfigur... Mail Recipients(Custom) {Confirm, DateFormat, ErrorAction, ErrorVariable...}
Set-MailboxSpellingConfigur... Mail Recipients(Custom) {CheckBeforeSend, Confirm, DictionaryLanguage, ErrorAction...}
Set-User Mail Recipients(Custom) {AssistantName, CertificateSubject, City, Company...}
Test-MAPIConnectivity Mail Recipients(Custom) {Confirm, Debug, ErrorAction, ErrorVariable...}
Update-Recipient Mail Recipients(Custom) {Confirm, Credential, Debug, DomainController...}
the underlined entry is what i have added is this correct ?? becouse it doesnt work.

i have used this cmdlet :

set-ManagementRoleEntry " Mail Recipients(Custom)\set-mailbox" -Parameters DeliverToMailboxAndForward,ForwardingAddress

i have also tried to use with Add-ManagementRoleEntry the same thing happend -admins still dont have permissions.

Thanks
 
F

Frank.Wang

Hi dingel,

Do you want your Exchange admin to run the cmdlet Set-Mailbox with -ForwardingAddress?

How did you create the custom role( Mail Recipients(Custom))?

Like this one? New-ManagementRole -Name " Mail Recipients(Custom)" -Parent " Mail Recipients"

Please also run the cmdlet and post results here.

Get-ManagementRoleAssignment -Role " Mail Recipients(Custom)" | fl

Frank Wang
 
D

dingel

Hi Frank

Yes i did the same as New-ManagementRole -Name " Mail Recipients(Custom)" -Parent " Mail Recipients"
Get-ManagementRole " Mail Recipients(Custom)" | fl:

RunspaceId : 3c0a2a04-f4a8-4c23-806b-c01b8adb81c7
RoleEntries : {(Microsoft.Exchange.Management.PowerShell.E2010) Set-Mailbox -DeliverToMailboxAndForward -ForwardingAddress, (Microsoft.Exchange.Management.PowerShell.E2010) Connect-Ma
ilbox -ActiveSyncMailboxPolicy -Alias -Archive -Confirm -Database -Debug -DomainController -Equipment -ErrorAction -ErrorVariable -Identity -LinkedCredential -LinkedDoma
inController -LinkedMasterAccount -ManagedFolderMailboxPolicy -ManagedFolderMailboxPolicyAllowed -OutBuffer -OutVariable -Room -Shared -User -ValidateOnly -Verbose -Warn
ingAction -WarningVariable -WhatIf, (Microsoft.Exchange.Management.PowerShell.E2010) Disable-InboxRule -Confirm -Debug -DomainController -ErrorAction -ErrorVariable -For
ce -Identity -Mailbox -OutBuffer -OutVariable -Verbose -WarningAction -WarningVariable -WhatIf, (Microsoft.Exchange.Management.PowerShell.E2010) Disable-MailContact -Con
firm -Debug -DomainController -ErrorAction -ErrorVariable -Identity -IgnoreDefaultScope -OutBuffer -OutVariable -Verbose -WarningAction -WarningVariable -WhatIf...}
RoleType : MailRecipients
ImplicitRecipientReadScope : Organization
ImplicitRecipientWriteScope : Organization
ImplicitConfigReadScope : OrganizationConfig
ImplicitConfigWriteScope : OrganizationConfig
IsRootRole : False
IsEndUserRole : False
MailboxPlanIndex :
Description :
IsDeprecated : False
AdminDisplayName :
ExchangeVersion : 0.12 (14.0.451.0)
Name : Mail Recipients(Custom)
DistinguishedName : CN=Mail Recipients(Custom),CN=Mail Recipients,CN=Roles,CN=RBAC,CN=my domain,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=,DC=com
Identity : Mail Recipients(Custom)
Guid : a35f349f-b4e6-43a9-a220-a468f69697b0
ObjectCategory : corp.e.com/Configuration/Schema/ms-Exch-Role
ObjectClass : {top, msExchRole}
WhenChanged : 7/7/2010 9:48:55 PM
WhenCreated : 5/2/2010 2:08:53 PM
WhenChangedUTC : 7/7/2010 6:48:55 PM
WhenCreatedUTC : 5/2/2010 11:08:53 AM
OrganizationId :
OriginatingServer : gshqdc02.corp.com
IsValid : True

Get-ManagementRoleAssignment -Role " Mail Recipients(Custom)" | fl

RunspaceId : 3c0a2a04-f4a8-4c23-806b-c01b8adb81c7
User : corp.domain.com/Microsoft Exchange Security Groups/HELPDESKTEAM
AssignmentMethod : Direct
Identity : Ma Recipients(Custom)-HELPDESKTEAM
EffectiveUserName : All Group Members
AssignmentChain :
RoleAssigneeType : RoleGroup
RoleAssignee : corp.domain.com/Microsoft Exchange Security Groups/HELPDESKTEAM
Role : Ma Recipients(Custom)
RoleAssignmentDelegationType : Regular
CustomRecipientWriteScope :
CustomConfigWriteScope :
RecipientReadScope : Organization
ConfigReadScope : OrganizationConfig
RecipientWriteScope : Organization
ConfigWriteScope : OrganizationConfig
Enabled : True
RoleAssigneeName : HELPDESKTEAM
IsValid : True
ExchangeVersion : 0.11 (14.0.550.0)
Name : Ma Recipients(Custom)-HELPDESKTEAM
DistinguishedName : CN=Ma Recipients(Custom)-HELPDESKTEAM,CN=Role Assignments,CN=RBAC,CN=-,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=domain,DC=com
Guid : 31d67f56-f098-48e5-9029-3dc1406892a3
ObjectCategory : corp.domain.com/Configuration/Schema/ms-Exch-Role-Assignment
ObjectClass : {top, msExchRoleAssignment}
WhenChanged : 5/2/2010 2:10:33 PM
WhenCreated : 5/2/2010 2:10:33 PM
WhenChangedUTC : 5/2/2010 11:10:33 AM
WhenCreatedUTC : 5/2/2010 11:10:33 AM
OrganizationId :
OriginatingServer : gshqdc02.corp.domain.com

RunspaceId : 3c0a2a04-f4a8-4c23-806b-c01b8adb81c7
User : corp.domain.com/Microsoft Exchange Security Groups/DE RECIPIENTS
AssignmentMethod : Direct
Identity : Ma Recipients(Custom)-DE RECIPIENTS
EffectiveUserName : All Group Members
AssignmentChain :
RoleAssigneeType : RoleGroup
RoleAssignee : corp.domain.com/Microsoft Exchange Security Groups/DE RECIPIENTS
Role : Ma Recipients(Custom)
RoleAssignmentDelegationType : Regular
CustomRecipientWriteScope : DE USERS MANAGEMENT SCOPE
CustomConfigWriteScope :
RecipientReadScope : Organization
ConfigReadScope : OrganizationConfig
RecipientWriteScope : CustomRecipientScope
ConfigWriteScope : OrganizationConfig
Enabled : True
RoleAssigneeName : DE RECIPIENTS
IsValid : True
ExchangeVersion : 0.11 (14.0.550.0)
Name : Ma Recipients(Custom)-DE RECIPIENTS
DistinguishedName : CN=Ma Recipients(Custom)-DE RECIPIENTS,CN=Role Assignments,CN=RBAC,CN=,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=domain,DC=com
Guid : 4cfa25fb-50c9-4cca-b57a-3edd9b7f3d7d
ObjectCategory : corp.domain.com/Configuration/Schema/ms-Exch-Role-Assignment
ObjectClass : {top, msExchRoleAssignment}
WhenChanged : 6/18/2010 2:12:13 PM
WhenCreated : 6/18/2010 2:12:13 PM
WhenChangedUTC : 6/18/2010 11:12:13 AM
WhenCreatedUTC : 6/18/2010 11:12:13 AM
OrganizationId :
OriginatingServer : gshqdc02.corp.domain.com

RunspaceId : 3c0a2a04-f4a8-4c23-806b-c01b8adb81c7
User : corp.domain.com/Microsoft Exchange Security Groups/ES RECIPIENTS
AssignmentMethod : Direct
Identity : Ma Recipients(Custom)-ES RECIPIENTS
EffectiveUserName : All Group Members
AssignmentChain :
RoleAssigneeType : RoleGroup
RoleAssignee : corp.domain.com/Microsoft Exchange Security Groups/ES RECIPIENTS
Role : Ma Recipients(Custom)
RoleAssignmentDelegationType : Regular
CustomRecipientWriteScope : ES USERS MANAGEMENT SCOPE
CustomConfigWriteScope :
RecipientReadScope : Organization
ConfigReadScope : OrganizationConfig
RecipientWriteScope : CustomRecipientScope
ConfigWriteScope : OrganizationConfig
Enabled : True
RoleAssigneeName : ES RECIPIENTS
IsValid : True
ExchangeVersion : 0.11 (14.0.550.0)
Name : Ma Recipients(Custom)-ES RECIPIENTS
DistinguishedName : CN=Ma Recipients(Custom)-ES RECIPIENTS,CN=Role Assignments,CN=RBAC,CN=,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=domain,DC=com
Guid : 497ebe54-28c0-410d-9a84-b384ca59e061
ObjectCategory : corp.domain.com/Configuration/Schema/ms-Exch-Role-Assignment
ObjectClass : {top, msExchRoleAssignment}
WhenChanged : 6/20/2010 3:32:50 PM
WhenCreated : 6/20/2010 3:32:31 PM
WhenChangedUTC : 6/20/2010 12:32:50 PM
WhenCreatedUTC : 6/20/2010 12:32:31 PM
OrganizationId :
OriginatingServer : gshqdc02.corp.domain.com

RunspaceId : 3c0a2a04-f4a8-4c23-806b-c01b8adb81c7
User : corp.domain.com/Microsoft Exchange Security Groups/PL RECIPIENTS
AssignmentMethod : Direct
Identity : Ma Recipients(Custom)-PL RECIPIENTS
EffectiveUserName : All Group Members
AssignmentChain :
RoleAssigneeType : RoleGroup
RoleAssignee : corp.domain.com/Microsoft Exchange Security Groups/PL RECIPIENTS
Role : Ma Recipients(Custom)
RoleAssignmentDelegationType : Regular
CustomRecipientWriteScope : PL USERS MANAGEMENT SCOPE
CustomConfigWriteScope :
RecipientReadScope : Organization
ConfigReadScope : OrganizationConfig
RecipientWriteScope : CustomRecipientScope
ConfigWriteScope : OrganizationConfig
Enabled : True
RoleAssigneeName : PL RECIPIENTS
IsValid : True
ExchangeVersion : 0.11 (14.0.550.0)
Name : Ma Recipients(Custom)-PL RECIPIENTS
DistinguishedName : CN=Ma Recipients(Custom)-PL RECIPIENTS,CN=Role Assignments,CN=RBAC,CN=,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=domain,DC=com
Guid : 9605790b-448a-423f-9388-87563447790a
ObjectCategory : corp.domain.com/Configuration/Schema/ms-Exch-Role-Assignment
ObjectClass : {top, msExchRoleAssignment}
WhenChanged : 6/21/2010 12:43:24 PM
WhenCreated : 6/21/2010 12:43:06 PM
WhenChangedUTC : 6/21/2010 9:43:24 AM
WhenCreatedUTC : 6/21/2010 9:43:06 AM
OrganizationId :
OriginatingServer : gshqdc02.corp.domain.com

RunspaceId : 3c0a2a04-f4a8-4c23-806b-c01b8adb81c7
User : corp.domain.com/Microsoft Exchange Security Groups/FR RECIPIENTS
AssignmentMethod : Direct
Identity : Ma Recipients(Custom)-FR RECIPIENTS
EffectiveUserName : All Group Members
AssignmentChain :
RoleAssigneeType : RoleGroup
RoleAssignee : corp.domain.com/Microsoft Exchange Security Groups/FR RECIPIENTS
Role : Ma Recipients(Custom)
RoleAssignmentDelegationType : Regular
CustomRecipientWriteScope : FR USERS MANAGEMENT SCOPE
CustomConfigWriteScope :
RecipientReadScope : Organization
ConfigReadScope : OrganizationConfig
RecipientWriteScope : CustomRecipientScope
ConfigWriteScope : OrganizationConfig
Enabled : True
RoleAssigneeName : FR RECIPIENTS
IsValid : True
ExchangeVersion : 0.11 (14.0.550.0)
Name : Ma Recipients(Custom)-FR RECIPIENTS
DistinguishedName : CN=Ma Recipients(Custom)-FR RECIPIENTS,CN=Role Assignments,CN=RBAC,CN=,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=domain,DC=com
Guid : 429bb024-cebf-468f-bf07-7dec8bd2373e
ObjectCategory : corp.domain.com/Configuration/Schema/ms-Exch-Role-Assignment
ObjectClass : {top, msExchRoleAssignment}
WhenChanged : 6/24/2010 1:27:33 PM
WhenCreated : 6/24/2010 1:27:18 PM
WhenChangedUTC : 6/24/2010 10:27:33 AM
WhenCreatedUTC : 6/24/2010 10:27:18 AM
OrganizationId :
OriginatingServer : gshqdc02.corp.domain.com

RunspaceId : 3c0a2a04-f4a8-4c23-806b-c01b8adb81c7
User : corp.domain.com/Microsoft Exchange Security Groups/UK RECIPIENTS
AssignmentMethod : Direct
Identity : Ma Recipients(Custom)-UK RECIPIENTS
EffectiveUserName : All Group Members
AssignmentChain :
RoleAssigneeType : RoleGroup
RoleAssignee : corp.domain.com/Microsoft Exchange Security Groups/UK RECIPIENTS
Role : Ma Recipients(Custom)
RoleAssignmentDelegationType : Regular
CustomRecipientWriteScope : UK USERS MANAGEMENT SCOPE
CustomConfigWriteScope :
RecipientReadScope : Organization
ConfigReadScope : OrganizationConfig
RecipientWriteScope : CustomRecipientScope
ConfigWriteScope : OrganizationConfig
Enabled : True
RoleAssigneeName : UK RECIPIENTS
IsValid : True
ExchangeVersion : 0.11 (14.0.550.0)
Name : Ma Recipients(Custom)-UK RECIPIENTS
DistinguishedName : CN=Ma Recipients(Custom)-UK RECIPIENTS,CN=Role Assignments,CN=RBAC,CN=EN,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=domain,DC=com
Guid : 7be0bf37-d02f-4769-ad6a-15bc635a754e
ObjectCategory : corp.domain.com/Configuration/Schema/ms-Exch-Role-Assignment
ObjectClass : {top, msExchRoleAssignment}
WhenChanged : 6/24/2010 1:28:49 PM
WhenCreated : 6/24/2010 1:28:28 PM
WhenChangedUTC : 6/24/2010 10:28:49 AM
WhenCreatedUTC : 6/24/2010 10:28:28 AM
OrganizationId :
OriginatingServer : gshqdc02.corp.domain.com

RunspaceId : 3c0a2a04-f4a8-4c23-806b-c01b8adb81c7
User : corp.domain.com/Microsoft Exchange Security Groups/SE RECIPIENTS
AssignmentMethod : Direct
Identity : Ma Recipients(Custom)-SE RECIPIENTS
EffectiveUserName : All Group Members
AssignmentChain :
RoleAssigneeType : RoleGroup
RoleAssignee : corp.domain.com/Microsoft Exchange Security Groups/SE RECIPIENTS
Role : Ma Recipients(Custom)
RoleAssignmentDelegationType : Regular
CustomRecipientWriteScope : SE USERS MANAGEMENT SCOPE
CustomConfigWriteScope :
RecipientReadScope : Organization
ConfigReadScope : OrganizationConfig
RecipientWriteScope : CustomRecipientScope
ConfigWriteScope : OrganizationConfig
Enabled : True
RoleAssigneeName : SE RECIPIENTS
IsValid : True
ExchangeVersion : 0.11 (14.0.550.0)
Name : Ma Recipients(Custom)-SE RECIPIENTS
DistinguishedName : CN=Ma Recipients(Custom)-SE RECIPIENTS,CN=Role Assignments,CN=RBAC,CN=,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=domain,DC=com
Guid : da378b23-d567-496b-9424-2e8f5d204de1
ObjectCategory : corp.domain.com/Configuration/Schema/ms-Exch-Role-Assignment
ObjectClass : {top, msExchRoleAssignment}
WhenChanged : 6/30/2010 7:51:51 PM
WhenCreated : 6/30/2010 7:51:51 PM
WhenChangedUTC : 6/30/2010 4:51:51 PM
WhenCreatedUTC : 6/30/2010 4:51:51 PM
OrganizationId :
OriginatingServer : gshqdc02.corp.domain.com

RunspaceId : 3c0a2a04-f4a8-4c23-806b-c01b8adb81c7
User : corp.domain.com/Microsoft Exchange Security Groups/CH RECIPIENTS
AssignmentMethod : Direct
Identity : Ma Recipients(Custom)-CH RECIPIENTS
EffectiveUserName : All Group Members
AssignmentChain :
RoleAssigneeType : RoleGroup
RoleAssignee : corp.domain.com/Microsoft Exchange Security Groups/CH RECIPIENTS
Role : Ma Recipients(Custom)
RoleAssignmentDelegationType : Regular
CustomRecipientWriteScope : CH USERS MANAGEMENT SCOPE
CustomConfigWriteScope :
RecipientReadScope : Organization
ConfigReadScope : OrganizationConfig
RecipientWriteScope : CustomRecipientScope
ConfigWriteScope : OrganizationConfig
Enabled : True
RoleAssigneeName : CH RECIPIENTS
IsValid : True
ExchangeVersion : 0.11 (14.0.550.0)
Name : Ma Recipients(Custom)-CH RECIPIENTS
DistinguishedName : CN=Ma Recipients(Custom)-CH RECIPIENTS,CN=Role Assignments,CN=RBAC,CN=,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=domain,DC=com
Guid : e6ff507c-dcbf-4f43-9aa9-4993731ce8ec
ObjectCategory : corp.domain.com/Configuration/Schema/ms-Exch-Role-Assignment
ObjectClass : {top, msExchRoleAssignment}
WhenChanged : 7/1/2010 11:44:32 AM
WhenCreated : 7/1/2010 11:44:17 AM
WhenChangedUTC : 7/1/2010 8:44:32 AM
WhenCreatedUTC : 7/1/2010 8:44:17 AM
OrganizationId :
OriginatingServer : gshqdc02.corp.domain.com

Thanks Frank
 
B

Blackuke

I am sure this is a bug in E14 RTM, which I think is addressed in SP1. could be wrong though :)
 
D

dingel

Hi Blackuke

Yes i thought so too,but how can we know for sure?

Thanks
 
F

Frank.Wang

Hi dingel,

I think you want to assign the " Mail Recipients(Custom)" to Role Group(eg:HELPDESKTEAM), but from the output

Get-ManagementRoleAssignment -Role " Mail Recipients(Custom)" | fl

Role : Ma Recipients(Custom)

The name of role is not the same as which one you created.

Frank Wang
 
D

dingel

Hi Frank

I dont have a role called Ma Recipients(custom).

it is a copy error:

RunspaceId : 511e14ee-3351-4206-b04c-c47a25fd1fc2
User : corp..com/Microsoft Exchange Security Groups/CH RECIPIENTS
AssignmentMethod : Direct
Identity : Mail Recipients(Custom)-CH RECIPIENTS
EffectiveUserName : All Group Members
AssignmentChain :
RoleAssigneeType : RoleGroup
RoleAssignee : corp..com/Microsoft Exchange Security Groups/CH RECIPIENTS
Role : Mail Recipients(Custom)
RoleAssignmentDelegationType : Regular
CustomRecipientWriteScope : CH USERS MANAGEMENT SCOPE
CustomConfigWriteScope :
RecipientReadScope : Organization
ConfigReadScope : OrganizationConfig
RecipientWriteScope : CustomRecipientScope
ConfigWriteScope : OrganizationConfig
Enabled : True
RoleAssigneeName : CH RECIPIENTS
IsValid : True
ExchangeVersion : 0.11 (14.0.550.0)
Name : Mail Recipients(Custom)-CH RECIPIENTS
DistinguishedName : CN=Mail Recipients(Custom)-CH RECIPIENTS,CN=Role Assignments,CN=RBAC,C
prings,DC=com
Guid : e6ff507c-dcbf-4f43-9aa9-4993731ce8ec
ObjectCategory : corp..com/Configuration/Schema/ms-Exch-Role-Assignment
ObjectClass : {top, msExchRoleAssignment}
WhenChanged : 7/1/2010 11:44:32 AM
WhenCreated : 7/1/2010 11:44:17 AM
WhenChangedUTC : 7/1/2010 8:44:32 AM
WhenCreatedUTC : 7/1/2010 8:44:17 AM
OrganizationId :
OriginatingServer : gshqdc02.corp..com
 
F

Frank.Wang

Hi dingel,

You also create a custom scope " CH USERS MANAGEMENT SCOPE " .

I want to know how your Exchange admin manage end users, using EMS or EMC?

And is there any error/warning messages?

If you just assign the Role to Role Group, without Scope, can they manage the users?

Frank Wang
 
D

dingel

Hi Frank

I have created for each country managment scope that is binded to the country ou.

each managmnet role is recipent root it is the ou of the same country.

i do not have any trouble becouse each admin can manage only his ou and nothing else.

when sp1 will come i can limit them only to a specific db's.

i think we are going out of scope here,the problem is that i cannot add a simple managment role entry to a custom entry(forword to email adress).

all other functions works prefectlly.

Thanks
 
F

Frank.Wang

The problem is that i cannot add a simple managment role entry to a custom entry(forword to email adress).
Hi dingel,

Well,let's talk it at begining. If you want you admin can only run the cmdlet Set-Mailbox with parameter DeliverToMailboxAndForward, ForwardingAddress, it is right to create a custom role Mail Recipients(Custom), after creating the custom role, the custom role will be inherited all of cmdlets and parameters from Parent role, so you should MODIDY(not add) the Role Entry.

And the cmdlet which you have already run :

set-ManagementRoleEntry " Mail Recipients(Custom)\set-mailbox" -Parameters DeliverToMailboxAndForward,ForwardingAddress

But there is a problem. I guess your admin is still in default role policy, because of this, admin can still run the cmdlet Set-Mailbox with other parameters (eg: identity).

So if you want to meet you need, maybe you should test as belowed:

1, Set the admin's role policy with $null

Set-Mailbox " admin" -RoleAssignmentPolicy $NULL

2, modify the custom role to include the parameter " identity"

set-ManagementRoleEntry " Mail Recipients(Custom)\set-mailbox" -Parameters Identity,DeliverToMailboxAndForward,ForwardingAddress

After this ,please test it in EMS.

Frank Wang
 
D

dingel

Hi Frank

I did everything you said but the part with " Set-Mailbox " admin" -RoleAssignmentPolicy $NULL" i didnt get.

i have created the managment role and removed totally the set-mailbox cmdlet,and then i modify with :

set-ManagementRoleEntry " Mail Recipients(Custom)\set-mailbox" -Parameters Identity,DeliverToMailboxAndForward,ForwardingAddress

could you be more specific what do you mean by set admins role policy with null.

my admins have this role they can do anything accept setting this forword address.

p.s -Identity is part of the managment role alaready.

Thanks
 
F

Frank.Wang

Hi dingel,

Setting the admin Role policy with Null is just a test to confirm that you need to also

Set-ManagementRoleEntry with parameter " identity" .

If you use cmdlet Get-ManagementRoleEntry " *\set-mailbox" , you can find that the cmdlet(set-mailbox) is also included in the End User Role: MyBaseOptions & My ProfileInformation.

Since you have already done it, so do you test to set the ForwardingAddress?

I test it in my lab. I can set the forwardaddress in EMS. But in EMC, this is locked.

Maybe you should add other parameters in the RoleEntry " Mail Recipients(Custom)\set-mailbox" .

Frank Wang
 
D

dingel

Hi Frank

That exactly what i meant it is locked on emc but open on the ems.

since my admins have little knoledge of powershell i need to allow them to use only the emc.

so it is a bug?

Thanks
 
F

Frank.Wang

Hi dingel,

Not yet. After testing several times, I find that you should also add parameter " IgnoreDefaultScope" to the RoleEntry.

Please run the cmdlet Set-ManagementRoleEntry " Mail Recipients(Custom)\set-mailbox" -Parameters IgnoreDefaultScope -Addparameter

and try again.

Frank Wang
 
D

dingel

Hi Frank

I will do it but,the role will still be a custom scope,i mean it will still be binded to ou that i set earlier

i dont want the admins managing diffrent ou accept there own ou

after i will make the change it will still stay like that?

Thanks Frank
 
D

dingel

Hi Frank

You got it,it is working perfectlly thank you very much for your time and effort

btw i have checked it and it working only on custom scopped exactly what i needed.

thank you very much great.
 
Status
Not open for further replies.
Thread starter Similar threads Forum Replies Date
R Assign Categories "Round Robin" style but in a shared mailbox but on specific emails only Outlook VBA and Custom Forms 8
P Auto assign shared mailbox Outlook VBA and Custom Forms 1
D Assign categories to outgoing emails Outlook VBA and Custom Forms 0
F How to assign a task to a public task folder? Using Outlook 1
A How to assign the value returned by the regex execute function to a variable? Using Outlook 1
soadfan assign category (VBA) Using Outlook 7
Diane Poremsky Assign one task to several people New Slipstick.com Articles 0
Diane Poremsky Assign an Email Account to an Outlook Contact New Slipstick.com Articles 0
E for Mac: Assign Task not available!? Using Outlook 1
E Outlook VBA to print attached Pdf to a fax printer and assign fax number Using Outlook 0
A Assign a unique number to every message I send Using Outlook 0
Z assign unique number email Using Outlook 8
T How to Assign Retention Tags for Notes Items in Exchange/Outlook 2010? Exchange Server Administration 0
L Can you use Exchange 2010 to control which users may or may not assign tasks to other users in Outlo Exchange Server Administration 2
N Assign Task from shared Task folder error Using Outlook 3
Q Don't have right permissions to assign "send as" rights in Exchange 2010 SP1 Exchange Server Administration 7
I Outlook 2010 Archiving Assign Policy Greyed out Using Outlook 1
C How do you assign a color to emails that are only colorized if received from a specific person? Using Outlook 2
F Any way to add emails to favourites or assign shortcuts to them? Using Outlook 5
M I have added an Assign Task button to a cutom group in the Tasks Ribbon. When I click on it I get a Using Outlook 3
P Can I Assign Outlook Tasks to a Public Folder? Using Outlook 1
P Can I Assign Put a Public Folder on a Tasks's Update List? Using Outlook 5
C Y i cannot assign service to the newly added EXCHANGE certificate? Exchange Server Administration 6
C How to assign certificate(s) to an CAS array? Exchange Server Administration 1
C how should i assign an SSL certificate to a CAS array? Exchange Server Administration 2
A Outlook 2010 - assign a color category to email Using Outlook 2
D Update List clears after sending to assign person. Using Outlook 1
D assign & accept tasks using an IMAP email system Using Outlook 2
M Re: Exchange 2010 Resource forest - How do you assign permissions to share linked mailboxes? Exchange Server Administration 3
M Exchange 2010 Resource forest - How do you assign permissions to share linked mailboxes? Exchange Server Administration 7
L When I assign a group permissions to a public folder in exchange 2010 the members of the group don't Exchange Server Administration 6
B Exchaneg 2010 SP1 Possible Bug, Cannot create move to archive retention tag on inbox, but can create a new one and edit and assign inbox to it Exchange Server Administration 3
J Assign a signature by external or internal reciepents. Outlook VBA and Custom Forms 1
P VBA to assign category on calendar item does not work ?? why ?? Outlook VBA and Custom Forms 5
S assign task programmatically Outlook VBA and Custom Forms 2
C Cannot assign a task from a public folder? Outlook VBA and Custom Forms 4
C Assign To and CC list while using Redemption.dll library Outlook VBA and Custom Forms 10
C How to assign icon to a button in Outlook Add-in Outlook VBA and Custom Forms 1
N RBAC for Full Access & Send-As Exchange Server Administration 3
T RBAC Error on UM/CAS Servers Exchange Server Administration 2
S RBAC for Mail quota increase Exchange Server Administration 2
A RBAC authorization returns Access Denied for user Exchange Server Administration 5
F Re: Restricting Database Access Using RBAC Exchange Server Administration 4
B Re: Restricting Database Access Using RBAC Exchange Server Administration 3
M ECP and RBAC aren't working Exchange Server Administration 4
C RBAC Cross Domain issues Exchange Server Administration 8
L Canot access RBAC as administrator Exchange Server Administration 18
R 500 internal server error - Role based Access Control (RBAC) User Editor Exchange Server Administration 2
J Advanced RBAC - restricting delegate configuration Exchange Server Administration 1
C Custom RBAC question Exchange Server Administration 3
Similar threads


















































Top