Exchange 2010 RBAC - add permission to created user and add to security groups

I need to add permission to the built in Help Desk Role Group in Exchange 2010 so that my help desk staff can created users/mailboxes and add them to AD groups in an OU that is "staff.zorten.edu/mcc".

I need the syntax for the Exchange Management Shell since apparently there is no way to do this from the ECP.
LVL 4
every1isevil2Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
J PConnect With a Mentor Commented:
scoping can be done with an additional switch, try this one:

New-ManagementRoleAssignment -SecurityGroup "Help Desk" -Role "Mail Recipient Creation" -RecipientOrganizationalUnitScope FQDN/YOUR_OU_NAME
http://technet.microsoft.com/en-us/library/dd351056.aspx
(expand section "Create a role assignment with an OU scope")
0
 
J PCommented:
hello there

the default role group in Exchange 2010 is "Help Desk"
http://technet.microsoft.com/en-us/library/dd876949.aspx

the default role needed to create mailboxes is "Mail Recipient Creation"
http://technet.microsoft.com/en-us/library/dd876915.aspx

to set this permission can run the following command in shell:
New-ManagementRoleAssignment -SecurityGroup "Help Desk" -Role "Mail Recipient Creation"
http://technet.microsoft.com/en-us/library/dd638202.aspx

cheers
0
 
every1isevil2Author Commented:
I want to limit the scope to a single OU.  Can you give me a sample syntax?
0
 
WaseemsCommented:
you need to delegate control for the helpdesk also in ou of active directory so they can create and manage user accounts in addition to adding the management role assignment in EMS
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.