rbac

Challenge: Employee want to create a contact object in active directory ou, to manage it selfs. So they can add and remove external e-mail address on his manage distribution groups.

You need some powershell commands for this.

Most commands found here, thanks to paul for his great blog post.

https://practical365.com/exchange-server/exchange-server-role-based-access-control-in-action/

Get-ManagementRoleEntry “Mail Recipients\*” | Select Name

Get-ManagementRoleEntry “View-Only Recipients\*” | Select Name

New-ManagementRole -Parent “Mail Recipients” -Name “Custom Role – Mail Contacts”
New-ManagementRole -Parent “Mail Recipient Creation” -Name “Custom Role – Mail Contacts Creation”

Get-ManagementRoleEntry “Custom Role – Mail Contacts\*” | Where {$_.Name -notlike “*MailContact”} | Remove-ManagementRoleEntry
Get-ManagementRoleEntry “Custom Role – Mail Contacts Creation\*” | Where {$_.Name -notlike “*MailContact”} | Remove-ManagementRoleEntry

Get-ManagementRoleEntry “Custom Role – Mail Contacts\*”

Get-ManagementRoleEntry “Custom Role – Mail Contacts Creation\*”

New-ManagementRole -Parent “View-Only Recipients” -Name “Custom Role – View-Only Recipients”

Get-ManagementRoleEntry “Custom Role – View-Only Recipients\*” | Where {$_.Name -notlike “*MailContact”} | Remove-ManagementRoleEntry

Add-ManagementRoleEntry “Custom Role – View-Only Recipients\Get-OrganizationalUnit”
Add-ManagementRoleEntry “Custom Role – View-Only Recipients\Get-Recipient”
Add-ManagementRoleEntry “Custom Role – View-Only Recipients\Get-Contact”

Get-ManagementRoleEntry “Custom Role – View-Only Recipients\*”

New-RoleGroup –Name “Contact Editor” –Roles “Custom Role – View-Only Recipients”, “Custom Role – Mail Contacts”, “Custom Role – Mail Contacts Creation”

M	T	W	T	F	S	S
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30

Konkretor Blog, IT Stuff and more

linux, windows, ubuntu, aws, vmware

create a exchange role to edit active directory contacts