Solved

Is this possible using RBAC?

Posted on 2013-01-25
3
327 Views
Last Modified: 2013-01-25
Not all that familiar with RBAC. Trying to learn but the terminology is confusing. I want to create a Role Group using Recipient Management as a template but I want to try and remove the ability for members of this new group to be able to adjust the mailbox limits of a mailbox. This is the only restriction the group member should have when managing the recipient. If it is possible, how would I go about doing that?
0
Comment
Question by:osiexchange
  • 2
3 Comments
 
LVL 38

Accepted Solution

by:
Adam Brown earned 280 total points
ID: 38819661
You would create a new Management Role Group to hold the Role Entries you need. From there, you would create a Management role entry for the Role Group that includes the set-mailbox cmdlet with the parameters you want them to use. You would then copy the remaining role entries from the Recipient Management Role Group to the Role group you created. Then the Management Role Group is assigned to a Group as a Management Role Assignment.

http://technet.microsoft.com/en-us/library/dd335180.aspx Has info on creating management role entries. A management role entry basically sets the powershell cmdlet and parameters for the cmdlet that a user who has the management role assigned to them can use. http://technet.microsoft.com/en-us/library/bb123981%28v=exchg.141%29.aspx has info on the set-mailbox cmdlet and parameters that can be used with it. If you add all the entries for set-mailbox that you want them to be able to use, you can limit what they do because what you don't include won't be accessible to them. You can do this for any powershell cmdlet that is available for Exchange. Each role entry controls a single Powershell Cmdlet, and they are added to role groups. The role groups are assigned to role members.
0
 

Author Comment

by:osiexchange
ID: 38819711
Thanks for all that info. One thing I don't understand is

"Then the Management Role Group is assigned to a Group as a Management Role Assignment."

Does this mean you are just adding a security group in AD to the Management Role Group?
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 38819764
Yes. You would assign the management role group to an AD group or user. They call that the Management Role Assignment.
0

Featured Post

Can’t get the mobile email signature right?

Not having any luck when trying to create an email signature for mobile devices? Does the formatting keep messing up? Make sure you have great email signatures on all devices by using Exclaimer Cloud - Signatures for Office 365.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now