Solved

Exchange 2010 RBAC - add permission to created user and add to security groups

Posted on 2010-09-02
4
995 Views
Last Modified: 2012-05-10
I need to add permission to the built in Help Desk Role Group in Exchange 2010 so that my help desk staff can created users/mailboxes and add them to AD groups in an OU that is "staff.zorten.edu/mcc".

I need the syntax for the Exchange Management Shell since apparently there is no way to do this from the ECP.
0
Comment
Question by:every1isevil2
  • 2
4 Comments
 
LVL 6

Expert Comment

by:J P
ID: 33592614
hello there

the default role group in Exchange 2010 is "Help Desk"
http://technet.microsoft.com/en-us/library/dd876949.aspx

the default role needed to create mailboxes is "Mail Recipient Creation"
http://technet.microsoft.com/en-us/library/dd876915.aspx

to set this permission can run the following command in shell:
New-ManagementRoleAssignment -SecurityGroup "Help Desk" -Role "Mail Recipient Creation"
http://technet.microsoft.com/en-us/library/dd638202.aspx

cheers
0
 
LVL 4

Author Comment

by:every1isevil2
ID: 33592714
I want to limit the scope to a single OU.  Can you give me a sample syntax?
0
 
LVL 7

Expert Comment

by:Waseems
ID: 33592715
you need to delegate control for the helpdesk also in ou of active directory so they can create and manage user accounts in addition to adding the management role assignment in EMS
0
 
LVL 6

Accepted Solution

by:
J P earned 500 total points
ID: 33593156
scoping can be done with an additional switch, try this one:

New-ManagementRoleAssignment -SecurityGroup "Help Desk" -Role "Mail Recipient Creation" -RecipientOrganizationalUnitScope FQDN/YOUR_OU_NAME
http://technet.microsoft.com/en-us/library/dd351056.aspx
(expand section "Create a role assignment with an OU scope")
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The viewer will learn how to use the =DISCRINV command to create a discrete random variable, use this command to model a set of probabilities and outcomes in a Monte Carlo simulation, and learn how to find the standard deviation of a set of probabil…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now