One Trick and Tip for Exchange Server 2010 SP1

After SP1, the security structure of exchange server has been improved. Exchange Server 2010 used shared permissions but now  it uses split  permissions. I will give you an example to understand what it is, A Exchange Server Administrator is able to manage its organization, it cannot manage other organization.

Ok, how to use new-mailbox command now?

1- Use split permissions and create user

2- If you say “I was happy to use shared permissions structure” let’s turn to old habits

a- setup.com /PrepareAD /ActiveDirectorySplitPermissions:false

b- New-ManagementRoleAssignment “Mail Recipient Creation_Organization Management” -Role “Mail Recipient Creation” -SecurityGroup “Organization Management”
New-ManagementRoleAssignment “Security Group Creation and Membership_Org Management” -Role “Security Group Creation and Membership” -SecurityGroup “Organization Management”
New-ManagementRoleAssignment “Mail Recipient Creation_Recipient Management” -Role “Mail Recipient Creation” -SecurityGroup “Recipient Management”

3- Restart the Server

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: