
RBAC in Exchange 2010 example 1

11 May

get-managementrole  

by default, there are 64 roles

Get-ManagementRole | ? {$_.Name -like "mail*"}

create a new role “employee mailbox creation”

New-ManagementRole -Name "employee mailbox creation" -Parent "mail recipient creation"

see which commands the new role can use

Get-ManagementRoleEntry "employee mailbox creation\*"

list the commands that should not be used

Get-ManagementRoleEntry "employee mailbox creation\*" | ? {$_.Name -like "remove*"}

create a new scope

New-ManagementScope -Name fte -RecipientRoot te01.com/testou -RecipientRestrictionFilter {RecipientType -eq "UserMailbox" -or RecipientType -eq "MailUser" -or RecipientType -eq "MailContact"}

get-rolegroup

create a new role group

New-RoleGroup -Name "employee mailbox provocation" -Roles "employee mailbox creation" -CustomRecipientWriteScope fte

add an administrator to this role group

Add-RoleGroupMember -Identity "employee mailbox provocation" -Member test01

see almost full information:

the 3W process:

1-create a management role

2-customize the management role entries (what can be done)

3-create a scope (where it can be done)

4-create the role group that connects the management role and the scope (who can do it)

5-add administrator in the role group
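
The five steps above as one script, added here as an example and not part of the original post. It assumes an Exchange 2010 Management Shell session with rights to manage RBAC, reuses the post's names, and fills in step 2 with Remove-ManagementRoleEntry, which the post lists but does not run.

```powershell
# Added example (not from the original post). Names are the ones used in the post.
$role  = 'employee mailbox creation'
$scope = 'fte'
$group = 'employee mailbox provocation'
$admin = 'test01'

# 1. Management role: the child starts with every entry of its parent.
New-ManagementRole -Name $role -Parent 'Mail Recipient Creation'

# 2. What: strip the Remove-* entries so the role can create but not delete.
Get-ManagementRoleEntry "$role\Remove-*" |
    Remove-ManagementRoleEntry -Confirm:$false

# 3. Where: limit writes to recipients under one OU.
New-ManagementScope -Name $scope -RecipientRoot 'te01.com/testou' `
    -RecipientRestrictionFilter {RecipientType -eq 'UserMailbox' -or RecipientType -eq 'MailUser' -or RecipientType -eq 'MailContact'}

# 4. Who: the role group ties the role to the scope.
New-RoleGroup -Name $group -Roles $role -CustomRecipientWriteScope $scope

# 5. Add the administrator to the role group.
Add-RoleGroupMember -Identity $group -Member $admin

# Verify the result instead of trusting the steps above.
$left = Get-ManagementRoleEntry "$role\Remove-*" -ErrorAction SilentlyContinue
if ($left) {
    Write-Warning "Role still allows: $(($left | ForEach-Object { $_.Name }) -join ', ')"
}

# The assignment should show the custom write scope, not the organization default.
Get-ManagementRoleAssignment -RoleAssignee $group |
    Format-List Name, Role, RecipientWriteScope, CustomRecipientWriteScope

# Membership review: only the intended administrator should be listed.
Get-RoleGroupMember -Identity $group
```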
