Exchange RBAC Tips N Tricks – PowerShell

Most of the time when working with RBAC in Exchange we are not using large scripts to create and manage roles.  Generally we use one-liners to configure RBAC.  So I thought it would be useful to post some of the ones that I find myself frequently using.

As always please add a comment, or hit me up on the contact page and  tell me want topics you want to see added here!

Where does this Cmdlet Live


Read the rest “Exchange RBAC Tips N Tricks – PowerShell”

Exchange RBAC Primer

After publishing some recent articles on RBAC, there was some feedback that a primer on RBAC would also be welcomed.  So here it is!

What is RBAC?

It is not Really Boring Access Control.

RBAC = Role Based Access Control.  As a concept it is not new, however Exchange 2010 was the first time that it has been natively supported in Exchange.  That being said, we still had the concept of roles in Exchange … Read the rest “Exchange RBAC Primer”


How To Add Or Remove Cmdlet Parameter From RBAC Management Role

In the previous posts on RBAC we have looked at customising various roles to ensure that the role contained the minimum amount of cmdlets.  RBAC provides even more granularity, and we can add or remove specific parameters from a cmdlet.  Since some folks asked for examples on this topic here are a couple of quick examples and some considerations….

If you want to use ECP, please read all the way down… Read the rest “How To Add Or Remove Cmdlet Parameter From RBAC Management Role”


Creating RBAC Role To Delegate Editing Contacts

Previously we discussed how to customise Exchange 2010 RBAC to delegate creating mail enabled contacts.  The intent of that original post was to allow for the for creation of simple mail enabled contacts that would facilitate sharing the SMTP address of a person outside the Exchange organisation.

Marc commented on that post as the provided solution did not fit his requirements which were different.… Read the rest “Creating RBAC Role To Delegate Editing Contacts”


Allow Users To Manage Distribution Groups Without Creating New Ones

In a previous post we discussed a scenario where users were delegated the capability to create Mail Enabled Contacts in Active Directory using a custom RBAC role.  As part of the solution, we enabled the MyDistributionGroups Role.  While this may meet the needs of most organisations it does introduce one issue where users who are assigned such a  Role Assignment Policy can edit Distribution Groups the… Read the rest “Allow Users To Manage Distribution Groups Without Creating New Ones”


Creating RBAC Role To Delegate Contact Management

Update 21-11-2013: If you want the additional contact fields to be edited then please review this post.

I had an interesting question the other week about solving a business challenge a customer had with regards to delegating the creation of contact objects in Active Directory.  In their previous messaging system users were managing their own external distribution groups, adding and removing externa… Read the rest “Creating RBAC Role To Delegate Contact Management”