Exchange 2010 RBAC - add permission to created user and add to security groups

Posted on 2010-09-02
Last Modified: 2012-05-10
I need to add permission to the built in Help Desk Role Group in Exchange 2010 so that my help desk staff can created users/mailboxes and add them to AD groups in an OU that is "".

I need the syntax for the Exchange Management Shell since apparently there is no way to do this from the ECP.
Question by:every1isevil2
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2

Expert Comment

by:J P
ID: 33592614
hello there

the default role group in Exchange 2010 is "Help Desk"

the default role needed to create mailboxes is "Mail Recipient Creation"

to set this permission can run the following command in shell:
New-ManagementRoleAssignment -SecurityGroup "Help Desk" -Role "Mail Recipient Creation"


Author Comment

ID: 33592714
I want to limit the scope to a single OU.  Can you give me a sample syntax?

Expert Comment

ID: 33592715
you need to delegate control for the helpdesk also in ou of active directory so they can create and manage user accounts in addition to adding the management role assignment in EMS

Accepted Solution

J P earned 500 total points
ID: 33593156
scoping can be done with an additional switch, try this one:

New-ManagementRoleAssignment -SecurityGroup "Help Desk" -Role "Mail Recipient Creation" -RecipientOrganizationalUnitScope FQDN/YOUR_OU_NAME
(expand section "Create a role assignment with an OU scope")

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question