Custom Management Role Group Not Functioning

Posted on 2011-04-30
Last Modified: 2012-05-11
I've been tasked to allow one user in an Exchange 2010 org the ability to remove and add SMTP addresses to the users he manages. To this end, I have created a new "DevelopmentHelpDesk" role group assigned the "Mail Recipients" role and scoped to an OU created for the user in question and his subordinates. I have added the user and a test user to the role group. When I log in to the ECP as the test user, I cannot modify any properties of a user in the scoped OU. Below are details on what I've configured. I would appreciate any advice on how to remedy this.


[PS] C:\Windows\system32>get-rolegroup developmenthelpdesk | fl

RunspaceId        : 1f404ffb-31dd-4a07-aacd-21db398ab6ec
ManagedBy         : {UserOrg.local/Users/Administrator, UserOrg.local/Microsoft Exchange Security Groups/Organization Management}
RoleAssignments   : {Mail Recipients-DevelopmentHelpDesk}
Roles             : {Mail Recipients}
DisplayName       :
Members           : {UserOrg.local/UserOrg/Users/Development/SN Test, UserOrg.local/UserOrg/Users/Development/John Doe}
SamAccountName    : DevelopmentHelpDesk
Description       : Custom Role Group: Members of this group have the Mail Recipient role scoped to the UserOrg.local/UserOrg/Users/Development OU
RoleGroupType     : Standard
LinkedGroup       :
IsValid           : True
ExchangeVersion   : 0.10 (
Name              : DevelopmentHelpDesk
DistinguishedName : CN=DevelopmentHelpDesk,OU=Microsoft Exchange Security Groups,DC=UserOrg,DC=local
Identity          : UserOrg.local/Microsoft Exchange Security Groups/DevelopmentHelpDesk
Guid              : 25057555-b075-44d4-9444-f98cae8a2ade
ObjectCategory    : UserOrg.local/Configuration/Schema/Group
ObjectClass       : {top, group}
WhenChanged       : 4/30/2011 1:19:38 PM
WhenCreated       : 4/30/2011 1:15:23 PM
WhenChangedUTC    : 4/30/2011 5:19:38 PM
WhenCreatedUTC    : 4/30/2011 5:15:23 PM
OrganizationId    :
OriginatingServer : DC.UserOrg.local

[PS] C:\Windows\system32>get-managementroleassignment -roleassignee developmenthelpdesk | fl

RunspaceId                   : 1f404ffb-31dd-4a07-aacd-21db398ab6ec
User                         : UserOrg.local/Microsoft Exchange Security Groups/DevelopmentHelpDesk
AssignmentMethod             : Direct
Identity                     : Mail Recipients-DevelopmentHelpDesk
EffectiveUserName            : All Group Members
AssignmentChain              :
RoleAssigneeType             : RoleGroup
RoleAssignee                 : UserOrg.local/Microsoft Exchange Security Groups/DevelopmentHelpDesk
Role                         : Mail Recipients
RoleAssignmentDelegationType : Regular
CustomRecipientWriteScope    : UserOrg.local/UserOrg/Users/Development
CustomConfigWriteScope       :
RecipientReadScope           : Organization
ConfigReadScope              : OrganizationConfig
RecipientWriteScope          : OU
ConfigWriteScope             : OrganizationConfig
Enabled                      : True
RoleAssigneeName             : DevelopmentHelpDesk
IsValid                      : True
ExchangeVersion              : 0.11 (14.0.550.0)
Name                         : Mail Recipients-DevelopmentHelpDesk
DistinguishedName            : CN=Mail Recipients-DevelopmentHelpDesk,CN=Role Assignments,CN=RBAC,CN=USERORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=UserOrg,DC=local
Guid                         : 74abf344-8849-425e-bc48-c50d60d6ae5d
ObjectCategory               : UserOrg.local/Configuration/Schema/ms-Exch-Role-Assignment
ObjectClass                  : {top, msExchRoleAssignment}
WhenChanged                  : 4/30/2011 1:15:23 PM
WhenCreated                  : 4/30/2011 1:15:23 PM
WhenChangedUTC               : 4/30/2011 5:15:23 PM
WhenCreatedUTC               : 4/30/2011 5:15:23 PM
OrganizationId               :
OriginatingServer            : DC.UserOrg.local
Question by:SafetyNet-TC
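
The following checks are an added example, not part of the original question or of the article linked in the accepted solution. They walk the scoped assignment shown above from the Exchange Management Shell; `Managed User` is a placeholder for a mailbox inside the Development OU, and the other names are taken from the output in the question.

```powershell
# Run in the Exchange Management Shell with an administrative account.
$roleGroup = 'DevelopmentHelpDesk'   # role group from the question
$testUser  = 'SN Test'               # role group member from the question
$target    = 'Managed User'          # placeholder: a mailbox in the scoped OU

# 1. Confirm the test user is a member of the role group.
Get-RoleGroupMember $roleGroup | Format-Table Name, RecipientType -AutoSize

# 2. Confirm the assignment expands to the test user through the group.
Get-ManagementRoleAssignment -Role 'Mail Recipients' -GetEffectiveUsers |
    Where-Object { $_.EffectiveUserName -eq $testUser } |
    Format-Table Name, RoleAssigneeName, EffectiveUserName,
                 RecipientWriteScope, CustomRecipientWriteScope -AutoSize

# 3. Ask RBAC which assignments allow writing to the target recipient,
#    then keep only the rows that apply to the test user.
#    No rows here means the target is outside every write scope the user has.
Get-ManagementRoleAssignment -WritableRecipient $target -GetEffectiveUsers |
    Where-Object { $_.EffectiveUserName -eq $testUser } |
    Format-Table Name, Role, CustomRecipientWriteScope -AutoSize

# 4. Confirm the target really lives in the OU named in the write scope
#    (UserOrg.local/UserOrg/Users/Development in the question).
Get-Recipient $target | Format-List Name, OrganizationalUnit, RecipientType

# 5. Confirm the role carries the cmdlet and parameter used to edit
#    SMTP addresses on a mailbox.
Get-ManagementRoleEntry 'Mail Recipients\Set-Mailbox' |
    Select-Object -ExpandProperty Parameters |
    Where-Object { $_ -eq 'EmailAddresses' }
```

RBAC permissions are evaluated when a session is created, so the test user should sign out of the ECP and back in before re-testing after any change to the group or assignment.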

    Author Comment

    I seem to never get answers to my questions unless I prompt a second time.  Does anyone have any advice at all?

    Accepted Solution

    I believe this article answers your question exactly :

    Author Closing Comment

    Thank you.
