Exchange – two ways to create new role assignments.

Forgotten this recently and got caught spending some time investigating.

Boys and girls, remember one thing – if you create role assignments like this:

New-ManagementRoleAssignment -Name "ASSIGNMENT NAME" -Role "ApplicationImpersonation" -CustomRecipientWriteScope "IMPERSONATION USERS" -SecurityGroup "IMPERSONATION ADMINS"

where “IMPERSONATION ADMINS” is your a security group created by you – this role assignment will NOT be visible in your “admin roles” area in Exchange Console:

adminrolesarea

Instead, you need firstly create a Role Group and assign role to it, for instance

New-RoleGroup -Name "ROLE GROUP IMPERSONATION ADMINS"

New-ManagementRoleAssignment -Name "ASSIGNMENT NAME" -Role "ApplicationImpersonation" -CustomRecipientWriteScope "IMPERSONATION USERS" -SecurityGroup "ROLE GROUP IMPERSONATION ADMINS"

Only assigning a role to a role group allows it to appear in the admin roles area.

Remember about that!

remember

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s