Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Need correct permissions settings for Exchange 2010 RBAC for Mailbox Creation and UM Enable functionality only.

Posted on 2011-02-22
4
Medium Priority
?
1,796 Views
Last Modified: 2012-05-11
Hello,

** Exchange 2010 SP1 **

I have created an Administrator Role called "Mailbox and UM User Management".
Assigned the follwing roles:

Distribution Groups
Mail Recipient Creation
UM Mailboxes

Write scope set to Default.

I assigned one member to this Role for testing.

-----------------------------------------------------------------------------------------------------------------

When opening EMS, I am unable to enable a mailbox for an exisiting user. I get the following error when I open powershell and type: Enable-Mailbox

"The term 'Enable-Mailbox' is not recognized as the name of a cmdlet..."

I found by adding the user to the "Exchange Recipient Administrators" allowed me to Mailbox enable a user, BUT

I am still unable to UM enable a user

I need to restrict that users to be able to create mailboxes, UM Enable and manage UM settings.

It seems the permissions/ roles are not correct, or I would be able to run that command. Anyone have this experience and know how to resolve this?
0
Comment
Question by:Glenn M
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 32

Accepted Solution

by:
Rodney Barnhardt earned 2000 total points
ID: 34955598
This link should be helpful. If you scroll toward the bottom, the management console will show you what groups have which permissions. This should help you configure your RBAC.

http://www.opsvault.com/securing-ms-exchange-2010-role-based-access-control-rbac-simplified/
0
 
LVL 2

Author Comment

by:Glenn M
ID: 34997700
Checking out the Article to see if it will tell me more...
0
 
LVL 2

Assisted Solution

by:Glenn M
Glenn M earned 0 total points
ID: 35193988
That article gave me direciton, but then led me to this solution:

http://eightwone.com/2009/12/08/exchange-2010-delegation-model/

...but, one of the commands give me an error:

Get-ManagementRoleEntry “Reset UM Pin” | where { $_.name –ne “Get-UMMailboxPIN”} | Remove-ManagementRoleEntry

Powershell returns:

[PS] C:\Windows\system32>Get-ManagementRoleEntry "Reset UM Pin" | where { $_.name -ne "Get-UMMailboxPIN"} | Remove-ManagementRoleEntry
Cannot process argument transformation on parameter 'Identity'. Cannot convert value "Reset UM Pin" to type "Microsoft.
Exchange.Configuration.Tasks.RoleEntryIdParameter". Error: "The format of the value you specified in the Microsoft.Exch
ange.Configuration.Tasks.RoleEntryIdParameter parameter isn't valid. Check the value, and then try again.
Parameter name: identity"
    + CategoryInfo          : InvalidData: (:) [Get-ManagementRoleEntry], ParameterBindin...mationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Get-ManagementRoleEntry


I don’t think this is the expected behavior. Can you offer assistance?
0
 
LVL 2

Author Closing Comment

by:Glenn M
ID: 35230068
withthe combinded information, I was able to find a solution.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question