  • Status: Solved

Exchange 2010 RBAC - add permission to create user and add to security groups

I need to add permission to the built-in Help Desk Role Group in Exchange 2010 so that my help desk staff can create users/mailboxes and add them to AD groups in an OU that is "staff.zorten.edu/mcc".

I need the syntax for the Exchange Management Shell since apparently there is no way to do this from the ECP.
Asked: every1isevil2
1 Solution
 
J P Commented:
hello there

the default role group in Exchange 2010 is "Help Desk"
http://technet.microsoft.com/en-us/library/dd876949.aspx

the default role needed to create mailboxes is "Mail Recipient Creation"
http://technet.microsoft.com/en-us/library/dd876915.aspx

to set this permission you can run the following command in the shell:
New-ManagementRoleAssignment -SecurityGroup "Help Desk" -Role "Mail Recipient Creation"
http://technet.microsoft.com/en-us/library/dd638202.aspx

cheers

every1isevil2 (Author) Commented:
I want to limit the scope to a single OU.  Can you give me a sample syntax?

Waseems Commented:
You need to delegate control for the help desk also in the OU of Active Directory, so they can create and manage user accounts, in addition to adding the management role assignment in EMS.

J P Commented:
scoping can be done with an additional switch, try this one:

New-ManagementRoleAssignment -SecurityGroup "Help Desk" -Role "Mail Recipient Creation" -RecipientOrganizationalUnitScope FQDN/YOUR_OU_NAME
http://technet.microsoft.com/en-us/library/dd351056.aspx
(expand section "Create a role assignment with an OU scope")
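
Added example, not part of the posts above: the two commands from this thread combined into one Exchange Management Shell session that audits the role group's existing assignments, creates the OU-scoped one, and verifies the resulting write scope. It assumes the OU from the question ("staff.zorten.edu/mcc"); the assignment name in $name is hypothetical.

```powershell
# Added example. Run in the Exchange Management Shell with rights to manage role assignments.
$group = "Help Desk"
$role  = "Mail Recipient Creation"
$ou    = "staff.zorten.edu/mcc"                    # OU taken from the question
$name  = "Mail Recipient Creation-Help Desk-mcc"   # hypothetical assignment name

# 1. Show what the role group already holds for this role, with its write scope.
$existing = Get-ManagementRoleAssignment -Role $role -RoleAssignee $group
$existing | Format-Table Name, RecipientWriteScope, CustomRecipientWriteScope -AutoSize

# 2. RBAC assignments are additive: an assignment created without a scope switch
#    (the first command in this thread) grants the role organization-wide, and a
#    later OU-scoped assignment does not narrow it. Preview removal of any such
#    assignment; drop -WhatIf to actually remove it.
$existing |
    Where-Object { $_.RecipientWriteScope -eq "Organization" } |
    Remove-ManagementRoleAssignment -WhatIf

# 3. Create the OU-scoped assignment unless one with this name already exists.
if (-not ($existing | Where-Object { $_.Name -eq $name })) {
    New-ManagementRoleAssignment -Name $name -SecurityGroup $group -Role $role `
        -RecipientOrganizationalUnitScope $ou
}

# 4. Verify: every remaining assignment of this role to the group should be
#    limited to the OU rather than the whole organization.
Get-ManagementRoleAssignment -Role $role -RoleAssignee $group |
    Format-List Name, Role, RecipientWriteScope, CustomRecipientWriteScope
```

Because "Help Desk" is a built-in role group, the assignment applies to every member of that group, so review its membership before granting it recipient creation rights.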