One Trick and Tip for Exchange Server 2010 SP1

After SP1, the security structure of exchange server has been improved. Exchange Server 2010 used shared permissions but now  it uses split  permissions. I will give you an example to understand what it is, A Exchange Server Administrator is able to manage its organization, it cannot manage other organization.

Ok, how to use new-mailbox command now?

1- Use split permissions and create user

2- If you say “I was happy to use shared permissions structure” let’s turn to old habits

a- /PrepareAD /ActiveDirectorySplitPermissions:false

b- New-ManagementRoleAssignment “Mail Recipient Creation_Organization Management” -Role “Mail Recipient Creation” -SecurityGroup “Organization Management”
New-ManagementRoleAssignment “Security Group Creation and Membership_Org Management” -Role “Security Group Creation and Membership” -SecurityGroup “Organization Management”
New-ManagementRoleAssignment “Mail Recipient Creation_Recipient Management” -Role “Mail Recipient Creation” -SecurityGroup “Recipient Management”

3- Restart the Server


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at

Up ↑

%d bloggers like this: