Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Is this possible using RBAC?

Posted on 2013-01-25
3
Medium Priority
?
362 Views
Last Modified: 2013-01-25
Not all that familiar with RBAC. Trying to learn but the terminology is confusing. I want to create a Role Group using Recipient Management as a template but I want to try and remove the ability for members of this new group to be able to adjust the mailbox limits of a mailbox. This is the only restriction the group member should have when managing the recipient. If it is possible, how would I go about doing that?
0
Comment
Question by:osiexchange
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 42

Accepted Solution

by:
Adam Brown earned 1120 total points
ID: 38819661
You would create a new Management Role Group to hold the Role Entries you need. From there, you would create a Management role entry for the Role Group that includes the set-mailbox cmdlet with the parameters you want them to use. You would then copy the remaining role entries from the Recipient Management Role Group to the Role group you created. Then the Management Role Group is assigned to a Group as a Management Role Assignment.

http://technet.microsoft.com/en-us/library/dd335180.aspx Has info on creating management role entries. A management role entry basically sets the powershell cmdlet and parameters for the cmdlet that a user who has the management role assigned to them can use. http://technet.microsoft.com/en-us/library/bb123981%28v=exchg.141%29.aspx has info on the set-mailbox cmdlet and parameters that can be used with it. If you add all the entries for set-mailbox that you want them to be able to use, you can limit what they do because what you don't include won't be accessible to them. You can do this for any powershell cmdlet that is available for Exchange. Each role entry controls a single Powershell Cmdlet, and they are added to role groups. The role groups are assigned to role members.
0
 

Author Comment

by:osiexchange
ID: 38819711
Thanks for all that info. One thing I don't understand is

"Then the Management Role Group is assigned to a Group as a Management Role Assignment."

Does this mean you are just adding a security group in AD to the Management Role Group?
0
 
LVL 42

Expert Comment

by:Adam Brown
ID: 38819764
Yes. You would assign the management role group to an AD group or user. They call that the Management Role Assignment.
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question