Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 370
  • Last Modified:

Is this possible using RBAC?

Not all that familiar with RBAC. Trying to learn but the terminology is confusing. I want to create a Role Group using Recipient Management as a template but I want to try and remove the ability for members of this new group to be able to adjust the mailbox limits of a mailbox. This is the only restriction the group member should have when managing the recipient. If it is possible, how would I go about doing that?
0
osiexchange
Asked:
osiexchange
  • 2
1 Solution
 
Adam BrownSr Solutions ArchitectCommented:
You would create a new Management Role Group to hold the Role Entries you need. From there, you would create a Management role entry for the Role Group that includes the set-mailbox cmdlet with the parameters you want them to use. You would then copy the remaining role entries from the Recipient Management Role Group to the Role group you created. Then the Management Role Group is assigned to a Group as a Management Role Assignment.

http://technet.microsoft.com/en-us/library/dd335180.aspx Has info on creating management role entries. A management role entry basically sets the powershell cmdlet and parameters for the cmdlet that a user who has the management role assigned to them can use. http://technet.microsoft.com/en-us/library/bb123981%28v=exchg.141%29.aspx has info on the set-mailbox cmdlet and parameters that can be used with it. If you add all the entries for set-mailbox that you want them to be able to use, you can limit what they do because what you don't include won't be accessible to them. You can do this for any powershell cmdlet that is available for Exchange. Each role entry controls a single Powershell Cmdlet, and they are added to role groups. The role groups are assigned to role members.
0
 
osiexchangeAuthor Commented:
Thanks for all that info. One thing I don't understand is

"Then the Management Role Group is assigned to a Group as a Management Role Assignment."

Does this mean you are just adding a security group in AD to the Management Role Group?
0
 
Adam BrownSr Solutions ArchitectCommented:
Yes. You would assign the management role group to an AD group or user. They call that the Management Role Assignment.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now