LNKDLNY2
asked on
Exchange 2010 RBAC - Custom role group required to modify user's email addresses?
I am fairly new to Exchange 2010 RBAC however I do have a bit of experience working in a RBAC model. I am tasked with delegating some permissions in Exchange to our helpdesk staff. Specifically, I want them to be able to modify user email addresses (add/modify/delete SMTP, X400/Custom addresses etc).
From looking at the options presented to me by the built-in role groups, I think I will need to create a custom one. If this is the case, can somebody help me create this custom role group with just the permissions necessary to accomplish this task? I would greatly appreciate it so I may create custom role groups for various tasks going forward.
From looking at the options presented to me by the built-in role groups, I think I will need to create a custom one. If this is the case, can somebody help me create this custom role group with just the permissions necessary to accomplish this task? I would greatly appreciate it so I may create custom role groups for various tasks going forward.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
1. Identify a current role that you may be able to use as a starting point. From there, you will want to export a list of all entries (cmdlets) in that role:
Get-ManagementRoleEntry ‘<MGMTROLE>\*’ (substitute <MGMTROLE> with the actual role you have identified)
2. Pipe that into a CSV file.
3. Open the CSV file and determine what entries you would like to remove.
4. Create your custom mgmt role based on the one you identified:
New-ManagementRole -Name <CUSTOMROLE> -Parent <MGMTROLE>
5. Now remove the roles from <CUSTOMROLE> that you don't need:
(I used an array and foreach)
foreach ($Role in $RolesToRemove){Remove-Man
After that, your custom role is ready to be assigned to a role group.