Solved

Is this possible using RBAC?

Posted on 2013-01-25
3
347 Views
Last Modified: 2013-01-25
Not all that familiar with RBAC. Trying to learn but the terminology is confusing. I want to create a Role Group using Recipient Management as a template but I want to try and remove the ability for members of this new group to be able to adjust the mailbox limits of a mailbox. This is the only restriction the group member should have when managing the recipient. If it is possible, how would I go about doing that?
0
Comment
Question by:osiexchange
  • 2
3 Comments
 
LVL 40

Accepted Solution

by:
Adam Brown earned 280 total points
ID: 38819661
You would create a new Management Role Group to hold the Role Entries you need. From there, you would create a Management role entry for the Role Group that includes the set-mailbox cmdlet with the parameters you want them to use. You would then copy the remaining role entries from the Recipient Management Role Group to the Role group you created. Then the Management Role Group is assigned to a Group as a Management Role Assignment.

http://technet.microsoft.com/en-us/library/dd335180.aspx Has info on creating management role entries. A management role entry basically sets the powershell cmdlet and parameters for the cmdlet that a user who has the management role assigned to them can use. http://technet.microsoft.com/en-us/library/bb123981%28v=exchg.141%29.aspx has info on the set-mailbox cmdlet and parameters that can be used with it. If you add all the entries for set-mailbox that you want them to be able to use, you can limit what they do because what you don't include won't be accessible to them. You can do this for any powershell cmdlet that is available for Exchange. Each role entry controls a single Powershell Cmdlet, and they are added to role groups. The role groups are assigned to role members.
0
 

Author Comment

by:osiexchange
ID: 38819711
Thanks for all that info. One thing I don't understand is

"Then the Management Role Group is assigned to a Group as a Management Role Assignment."

Does this mean you are just adding a security group in AD to the Management Role Group?
0
 
LVL 40

Expert Comment

by:Adam Brown
ID: 38819764
Yes. You would assign the management role group to an AD group or user. They call that the Management Role Assignment.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question