Delegated Setup: Allows the user to deploy an Exchange installation - although not administer it.
Discovery Management: Allows the user to perform a search within all users mailboxes - this is often applied when doing auditing.
Help Desk: Allows the user to modify variables that are often required by a support team - for example changing a users telephone number.
Hygiene Management: Allows the user to manage the anti-malware and anti-spam settings related to Exchange.
Organizational Management: Provides the user with complete administrative control of Exchange.
Public Folder Management: Allows the user to manage public folders.
Recipient Management: Allows the user to create, delete and modify recipients.
Records Management: Allows the user to manage settings related to he compliance features e.g. auditing, rentation policies etc.
Server Management: Allows the user to work on the server management level only (e.g. managing recourse allocation) and hence not allowing them to work on the organizational level.
UM Management: Allows the user to manage all aspects of Unified Messaging.
You can get an overview of all of these (and their assosiated management roles) by using the "Get-RoleGroup" commands:
Get-RoleGroup
In order to see who is currently in a management role group you can use EMC:
Get-RoleGroupMember "Discovery Management"
or
Get-RoleGroupMember "Organization Administrators" -ReadFromDomainControllerYou could also check the corrosponding securiy group in AD under the "Microsoft Exchange Sercurity Groups" OU.
And to view a list of all available management roles:
Get-ManagementRoleIdeally what we want to do is create a custom role group that we can then assign to a user(s):
New-RoleGroup -Name MyCustomRoleGroup -Roles "Team Mailboxes" -Members user1,user2,user3 -ManagedBy "adminuser"and finally we will assign an additional user to our custom role group:
Add-RoleGroupMember MyCustomRoleGroup -Member user4
No comments:
Post a Comment