Link to home
Start Free TrialLog in
Avatar of LNKDLNY2
LNKDLNY2

asked on

Exchange 2010 RBAC - Custom role group required to modify user's email addresses?

I am fairly new to Exchange 2010 RBAC however I do have a bit of experience working in a RBAC model.  I am tasked with delegating some permissions in Exchange to our helpdesk staff.  Specifically, I want them to be able to modify user email addresses (add/modify/delete SMTP, X400/Custom addresses etc).

From looking at the options presented to me by the built-in role groups, I think I will need to create a custom one.  If this is the case, can somebody help me create this custom role group with just the permissions necessary to accomplish this task?  I would greatly appreciate it so I may create custom role groups for various tasks going forward.
ASKER CERTIFIED SOLUTION
Avatar of Bembi
Bembi
Flag of Germany image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of LNKDLNY2
LNKDLNY2

ASKER

Bembi, thank you for the links.  For others that may need to do this, the process I used is as follows:

1. Identify a current role that you may be able to use as a starting point.  From there, you will want to export a list of all entries (cmdlets) in that role:
Get-ManagementRoleEntry ‘<MGMTROLE>\*’  (substitute <MGMTROLE> with the actual role you have identified)

2. Pipe that into a CSV file.
3. Open the CSV file and determine what entries you would like to remove.
4. Create your custom mgmt role based on the one you identified:
New-ManagementRole -Name <CUSTOMROLE> -Parent <MGMTROLE>

5. Now remove the roles from <CUSTOMROLE> that you don't need:
(I used an array and foreach)
foreach ($Role in $RolesToRemove){Remove-ManagementRoleEntry <CUSTOMROLE>\$Role}

After that, your custom role is ready to be assigned to a role group.