RBAC in Exchange 2010

Can anyone assist with the below EMS error I receive trying to add a role assignment with an OU scope:

WARNING: The domain.com/Group Objects/Stellar management scope won't be applied to the management role assignment for the Stellar DistributionGroups Management management role because the implicit scope on this role, MyDistributionGroups, is smaller than the specified scope.

I'm using a custom role named StellarDistributionGroups Management with the following entries (parent is distribution groups):
Add-DistributionGroupMember
Get-DistributionGroup
Get-DistributionGroupMember
Get-Group
Get-Recipient
New-DistributionGroup
Remove-DistributionGroupMember
Set-DynamicDistributionGroup
Set-Group
Update-DistributionGroupMember
Set-DistributionGroup

I'm running the following cmdlets:
[PS] C:\>New-ManagementRoleAssignment -Name "Stellar DL Managers" -SecurityGroup "stellar Distribution Group Managers" -Role "Stellar DistributionGroups Management" -RecipientOrganizationalUnitScope "domain.com/Group Objects/SA"
Asked by: timgreen7077
 
imkottees Commented:
Hi,

There is a conflict in the scope which you are specifying. Try setting the same scope as the StellarDistributionGroups mgmt role.
 
Jian An Lim Commented:
To be precise, MyDistributionGroups has an ImplicitRecipientReadScope of MyGAL.

Get-ManagementRole mydistrib* | ft identity,impl*

I wonder why MyDistributionGroups comes into play.

How do you create your management role?

The right way is to use
new-managementrole -parent "Distribution groups" -name "StellarDL"

Then run this to find out what commands you have:
get-managementrole "StellarDl" | get-managementroleentry

If you want to remove a command, you basically do
get-managementrole "StellarDl" | get-managementroleentry <command you want to remove> | remove-managementroleentry -confirm:$false


Then you run the below command
New-ManagementRoleAssignment -Name "Stellar DL Managers" -SecurityGroup "stellar Distribution Group Managers" -Role "StellarDl" -RecipientOrganizationalUnitScope "domain.com/Group Objects/SA"
P.S.: you need to create the security group "Stellar distribution group managers" manually before running the command.


OR

New-RoleGroup -Name <role group name> "Stellar DL Managers" -Roles <roles to assign> "StellarDl" -RecipientOrganizationalUnitScope "domain.com/Group Objects/SA"

p/s: remove the <comment> .. the above way will create the group in


Please be very specific about where you are stuck so I can assist you further.
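An added example (not part of any post in this thread): a pre-check and post-check around the assignment, to confirm that the OU scope really confines the delegated group. It is meant for the Exchange Management Shell, uses the role, group and OU names from the thread, and assumes the role was created from the "Distribution Groups" parent as the answer above suggests.

```powershell
# Added example, not code from the thread. Names below are the ones used in the posts.
$roleName       = 'StellarDl'
$groupName      = 'stellar Distribution Group Managers'
$assignmentName = 'Stellar DL Managers'
$ouScope        = 'domain.com/Group Objects/SA'

# 1. Show the implicit scopes the custom role inherited from its parent role.
$role = Get-ManagementRole -Identity $roleName -ErrorAction Stop
$role | Format-List Name, Parent, ImplicitRecipientReadScope, ImplicitRecipientWriteScope

# 2. An OU scope can only narrow the role's implicit write scope. If the role
#    inherited an end-user scope such as MyDistributionGroups, the OU scope is
#    dropped with the warning quoted in the question. Stop before assigning.
#    Assumption: a role derived from "Distribution Groups" reports Organization here.
if ([string]$role.ImplicitRecipientWriteScope -ne 'Organization') {
    throw ("Role '{0}' has implicit write scope '{1}' (parent: {2}). " -f `
           $roleName, $role.ImplicitRecipientWriteScope, $role.Parent) +
          "Recreate it from the 'Distribution Groups' parent before scoping it to an OU."
}

# 3. Create the scoped assignment for the security group.
New-ManagementRoleAssignment -Name $assignmentName `
    -SecurityGroup $groupName `
    -Role $roleName `
    -RecipientOrganizationalUnitScope $ouScope -ErrorAction Stop | Out-Null

# 4. Read the assignment back and confirm the OU scope is recorded on it.
$assignment = Get-ManagementRoleAssignment -Identity $assignmentName
$assignment | Format-List Name, Role, RoleAssigneeName, RecipientReadScope,
                          RecipientWriteScope, RecipientOrganizationalUnitScope

# Assumption: when the scope was not applied, this property is empty.
if (-not $assignment.RecipientOrganizationalUnitScope) {
    Write-Warning "OU scope was NOT applied to '$assignmentName'; review the role's parent."
}

# 5. List who actually receives the role through this group, for a least-privilege review.
Get-ManagementRoleAssignment -Role $roleName -GetEffectiveUsers |
    Format-Table EffectiveUserName, RoleAssigneeName, RecipientWriteScope -AutoSize
```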
 
timgreen7077 (Author) Commented:
I have been really busy last week. I will reattempt this today or tomorrow and update. Thanks.
 
timgreen7077 (Author) Commented:
Thanks that fixed my issue.