Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange 2010 RBAC - add permission to created user and add to security groups

Posted on 2010-09-02
4
Medium Priority
?
1,037 Views
Last Modified: 2012-05-10
I need to add permission to the built in Help Desk Role Group in Exchange 2010 so that my help desk staff can created users/mailboxes and add them to AD groups in an OU that is "staff.zorten.edu/mcc".

I need the syntax for the Exchange Management Shell since apparently there is no way to do this from the ECP.
0
Comment
Question by:every1isevil2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 6

Expert Comment

by:J P
ID: 33592614
hello there

the default role group in Exchange 2010 is "Help Desk"
http://technet.microsoft.com/en-us/library/dd876949.aspx

the default role needed to create mailboxes is "Mail Recipient Creation"
http://technet.microsoft.com/en-us/library/dd876915.aspx

to set this permission can run the following command in shell:
New-ManagementRoleAssignment -SecurityGroup "Help Desk" -Role "Mail Recipient Creation"
http://technet.microsoft.com/en-us/library/dd638202.aspx

cheers
0
 
LVL 4

Author Comment

by:every1isevil2
ID: 33592714
I want to limit the scope to a single OU.  Can you give me a sample syntax?
0
 
LVL 7

Expert Comment

by:Waseems
ID: 33592715
you need to delegate control for the helpdesk also in ou of active directory so they can create and manage user accounts in addition to adding the management role assignment in EMS
0
 
LVL 6

Accepted Solution

by:
J P earned 2000 total points
ID: 33593156
scoping can be done with an additional switch, try this one:

New-ManagementRoleAssignment -SecurityGroup "Help Desk" -Role "Mail Recipient Creation" -RecipientOrganizationalUnitScope FQDN/YOUR_OU_NAME
http://technet.microsoft.com/en-us/library/dd351056.aspx
(expand section "Create a role assignment with an OU scope")
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question