There are 85 Management Roles and 11 default role group in
Exchange Server 2013 SP1 which is listed the end of the article. To list the management roles and role group use the
following commands respectively
- Get-ManagementRole
- Get-RoleGroup
There is a requirement where we need to provide access only
for executing mailbox migration or mailbox movement for an engineer. The engineer
should not have any other access.
Tried to find the roles which hold PowerShell command (i.e
New-MoveRequest. Found it is under the role Move Mailboxes, Migration. This will help you to search the PowerShell command where it is in the role.
After finding it out follow the below steps
- Create new role group with adding the roles on it
- New-RoleGroup Ex2013Migration -Roles 'Move Mailboxes',Migration
- Add the user to the role that you have created
- Add-RoleGroupMember ‘Ex2013Migration’ –Member User1
- If you want to additional users to the role group.
- Update-RoleGroupMember ‘Ex2013Migration’ –Members User2,User3 –Confirm:$false
- To verify the user list
- Get-RoleGroupMember Ex2013Migration
- Verifying the Exchange 2013 RBAC in EAC
Attached
the PDF file which holds the complete PowerShell command with respect to the role.
Exchange 2013 RBAC Default Management Roles
- Organization Management
- Recipient Management
- View-Only Organization Management
- Public Folder Management
- UM Management
- Help Desk
- Records Management
- Discovery Management
- Server Management
- Delegated Setup
- Hygiene Management
Recipient Policies | Move Mailboxes | MyBaseOptions |
Active Directory Permissions | Organization Client Access | MyContactInformation |
Address Lists | Organization Configuration | MyProfileInformation |
Audit Logs | Organization Transport Settings | MyRetentionPolicies |
Cmdlet Extension Agents | POP3 And IMAP4 Protocols | MyTextMessaging |
Database Availability Groups | Public Folders | MyVoiceMail |
Database Copies | Receive Connectors | MyDiagnostics |
Databases | Remote and Accepted Domains | MyDistributionGroupMembership |
Disaster Recovery | Retention Management | MyDistributionGroups |
Distribution Groups | Role Management | MyTeamMailboxes |
E-Mail Address Policies | Security Group Creation and Membership | Org Custom Apps |
Edge Subscriptions | Send Connectors | Org Marketplace Apps |
Exchange Connectors | Support Diagnostics | Team Mailboxes |
Exchange Server Certificates | Transport Agents | UnScoped Role Management |
Exchange Servers | Transport Hygiene | View-Only Audit Logs |
Exchange Virtual Directories | Transport Queues | WorkloadManagement |
Federated Sharing | Transport Rules | ArchiveApplication |
Information Rights Management | UM Mailboxes | LegalHoldApplication |
Journaling | UM Prompts | MailboxSearchApplication |
Legal Hold | Unified Messaging | OfficeExtensionApplication |
Mail Enabled Public Folders | User Options | TeamMailboxLifecycleApplication |
Mail Recipient Creation | View-Only Configuration | UserApplication |
Mail Recipients | View-Only Recipients | MyAddressInformation |
Mail Tips | ApplicationImpersonation | MyDisplayName |
Mailbox Search | Data Loss Prevention | MyMobileInformation |
Message Tracking | Mailbox Import Export | MyName |
Migration | My Custom Apps | MyPersonalInformation |
Monitoring | My Marketplace Apps | ExchangeCrossServiceIntegration |
Reset Password |